Abstract

Security Risk Management is foundation and starting point for implementation of security measures in any organization and challenge by itself. But in complex organizations there are additional challenges, how to align IT Security Risk Management with overall Security Risk Management and later with the Company's overall Risk Management. When organization is part of some international corporation, corporative rules also need to be followed in addition to legal and regulation rules. In telecom industry in regular operations also is very important that security assessment could be performed in short timeslot as support for operational decisions. Croatian Telecom as a part of Deutsche Telecom Group is facing all of this issues in addition to ISO 27001 requirements against which the Company is certified. To solve the challenge, the Company developed three methodologies for Information Security Risk Management. All of these methodologies are merged in common Risk Register as well as aligned with the Company's Risk Management. In this paper each Information Security Risk Management methodology will be described including its application area, as well as how recognized security risks are shown in common Risk Register and how they relate to the Company's Risk Management.

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.