Abstract
The importance of information security has increased gradually. Initially, the notion of information security was limited to only a few areas. Now, it has expanded to cover a variety of areas. For example, critical infrastructure facilities such as power plants are operated online using industrial control systems so that the facilities are exposed to cyber threats. This is also the case with the other fields that are operated online. Each field requires appropriate information security management. Thus, this paper proposes an advanced security measurement system that reflects the characteristics of each field to achieve effective information security management.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Wawrzyniak Dariusz (2006) Information security risk assessment model for risk management, Trust and Privacy in Digital Business. Springer, Berlin
Chang SE, Ho CB (2006) Organizational factors to the effectiveness of implementing information security management. Ind Manag Data Syst 106:345–361
Kankanhalli A, Teo HH, Tan BC, Wei KK (2003) An integrative study of information systems security effectiveness. Int J Inf Manag 23(2):139–154
Eloff JH, Eloff M (2003) Information security management: a new paradigm, South African Institute for Computer Scientists and Information Technologists, pp. 130–136
Lee CM, Chang H (2014) A study on security strategy in ICT convergence environment. J Supercomput 70(1):211–223
You Y, Oh S, Lee K (2014) Advanced security assessment for control effectiveness. In: Information security applications, Springer International Publishing, pp 383–393
Dhillon G, Backhouse J (2001) Current directions in IS security research: towards socio-organizational perspectives. Inf Syst J 11(2):127–153
Hong KS, Chi YP, Chao LR, Tang JH (2003) An integrated system theory of information security management. Inf Manag Comput Secur 11(5):243–248
Weiss J (2014) Industrial Control System (ICS) cyber security for water and wastewater systems. Springer International Publishing, NY, Securing Water and Wastewater Systems
Siponen Mikko, Willison Robert (2009) Information security management standards: problems and solutions. Inf Manag 46(5):267–270
Dhillon Gurpreet, Torkzadeh Gholamreza (2006) Value focused assessment of information system security in organizations. Inf Syst J 16(3):293–314
Segev Arie, Porra Jaana, Roldan Malu (1998) Internet security and the case of Bank of America. Commun ACM 41(10):81–87
Edward H (2007) Implementing the ISO/IEC 27001 Information Security Management System Standard, ARTECH HOUSE, BOSTON, pp 103–164
NIST, SP. 800-53 Rev. 3. (2009) Recommended Security controls for federal information systems and organizations
Stouffer K, Joe F, Karen S (2008) NIST SP 800-115: Technical Guide to Information Security Testing and Assessment, National Institute of Standards and Technology
Acknowledgments
This research was supported by the MSIP (Ministry of Science, ICT and Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (IITP-2015-H8501-15-1003) supervised by the IITP (Institute for Information and communications Technology Promotion).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
You, Y., Cho, I. & Lee, K. An advanced approach to security measurement system. J Supercomput 72, 3443–3454 (2016). https://doi.org/10.1007/s11227-015-1585-7
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11227-015-1585-7