Conference: International Conference on Availability, Reliability and Security

Towards a Systemic Approach for Information Security Risk Management

Abstract

Risk management in the field of information security is most often handled individually by enterprises, taking only a limited view on the influential factors coming from their providers, clients or more globally from their environment. This approach becomes less appropriate in the case of networked enterprises, which tend to form ecosystems with complex influence links. A more holistic approach is needed to take these into account, leading to systemic risk management, i.e. risk management on the entire system formed by the networked enterprises, to avoid perturbations of the ecosystem due to local, individual, decision-making. In this paper, we propose a new meta-model for Information System Security Risk Management (ISSRM), comprising systemic elements as defined in the General Systems Theory. We discuss the design of this new model, highlighting in particular how risk management can be related to a problem-solving approach and the important concepts that are instantiated when taking a systemic approach to ISSRM.