Abstract
Information security systems are important to ensure business continuity and protect organizations against potential risks. In this context, organizations have to analyze their information system processes and develop their information systems according to the results of the analysis. This paper aims to evaluate the current information security approaches in a defense industry organization in Turkey. The case of the assessment demonstrates information security standards and approaches and reflects the importance of information security implementation within organizations. In order to achieve the research objectives and aims, the Information Security Assessment Tool for State Agencies (an information security assessment tool) was chosen as the research instrument for this study. The results obtained from the assessment tool revealed that major applications were implemented by the defense industry organization. According to the assessments, the study recommends that education and training programs and policies should be developed, and that interoperability of information security functions should be provided in the defense industry.
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Çakmak, T., Eroğlu, Ş. (2014). Evaluation of Information Security Approaches: A Defense Industry Organization Case. In: Gathegi, J.N., Tonta, Y., Kurbanoğlu, S., Al, U., Taşkın, Z. (eds) Challenges of Information Management Beyond the Cloud. IMCW 2013. Communications in Computer and Information Science, vol 423. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44412-2_11
DOI: https://doi.org/10.1007/978-3-662-44412-2_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-44411-5
Online ISBN: 978-3-662-44412-2
eBook Packages: Computer Science, Computer Science (R0)