Skip to main content
Log in

Model for comprehensive approach to security management

  • Original Article
  • Published:
International Journal of System Assurance Engineering and Management Aims and scope Submit manuscript

Abstract

This paper demonstrates new approach to security management in companies. Currently, many companies manage individual security fields separately. New approach is based on integration of all individual security fields into one security management system. Proposed model in this paper is based on the project “Possibilities of ITIL implementation in Commercial Security Industry”. Second part of this paper is focused on incident management. It is necessary for proper function of presented model. Also at the end, there is a proposal of evaluation method for security incidents.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

Similar content being viewed by others

References

  • Czech Republic (2014) Law nr. 181/2014 sb. Cyber Security Law

  • International Organization for Standardization (2004) ISO/IEC TR 18044:2004—information technology—security techniques—information security incident management

  • International Organization for Standardization (2005) ISO/IEC 27001—technology-security techniques—information security management systems-requirements

  • ITIL (2011a) Continual service improvement [online], 2 edn. TSO, London, xi, 246 s. [cit. 2013-07-22]. Best Management Practice. ISBN 978-0-11-331308-2. Dostupné z: http://www.best-management-practice.com

  • ITIL (2011b) Service transition [online], 2 edn. TSO, London, xii, 347 s. [cit. 2013-07-22]. Best Management Practice. ISBN 978-0-11-331306-8. Dostupné z: http://www.best-management-practice.com

  • ITIL (2011c) Service design [online], 2 edn. TSO, London, xi, 442 s. [cit. 2013-07-22]. Best Management Practice. ISBN 978-0-11-331305-1. Dostupné z: http://www.best-management-practice.com

  • ITIL (2011d) Service operation [online], 2 edn. TSO, London, xi, 370 s. [cit. 2013-07-22]. Best Management Practice. ISBN 978-0-11-331307-5. Dostupné z: http://www.best-management-practice.com

  • Jasek R, Szmit A, Szmit M (2013) Usage of modern exponential-smoothing models in network traffic modelling. In: Nostradamus 2013: prediction, modeling and analysis of complex systems. Springer, Berlin, pp 435–444. ISSN 2194-5357. ISBN 978-3-319-00541-6

  • Jasek R, Kolarik M, Vymola T (2013) APT detection system using honeypots. In Proceedings of the 14th WSEAS international conference on automation & information (ICAI’13). WSEAS Press, Montreux, pp 25–29. ISSN 1790-5117. ISBN 978-960-474-316-2

  • Kralik L, Senkerik R (2014) Proposal for security management system. In: Recent advances in electrical engineering and educational technologies. Proceedings of the 2nd international conference on systems, control and informatics (SCI 2014), Athens, pp 77–80. ISBN 978-1-61804-254-5

  • Li M, Tang M (2013) Information security engineering: a framework for research and practices. Int J Comput Commun Control 8(4):578–587

    Article  Google Scholar 

  • Lukas L, Cahlík M, Kralik L (2012) Protection of data centers—physical protection. In: Recent advances in information science: proceedings of the 3rd European conference of computer science (ECCS’12). WSEAS Press, Paris, France, pp 171–176. ISBN 978-1-61804-140-1, ISSN 1790-5109

  • NIST (2012) Special publication 800-61—computer security incident handling guide, Revision 2: 800-861

  • Prislan K, Bernik I (2010) Risk management with ISO 27000 standards in information security. In: Advances in E-activities, information security and privacy. WSEAS Press, Venezuela. ISBN: 978-960-474-258-5

  • Tang M, Li M, Zhang T (2016) The impacts of organizational culture on information security culture: a case study. Inf Technol Manag

  • Wan-Soo L, Sang-Soo J (2009) A study on information management model for small and medium enterprises. In: Recent advances in E-activities, information security and privacy. WSEAS Press, Spain. ISSN: 1790-5117. ISBN: 978-960-474-143-4

Download references

Acknowledgments

This work was supported by Grant No. IGA/FAI/2015/039 from IGA (Internal Grant Agency) of Thomas Bata University in Zlin; further by financial support of research project NPU I No. MSMT-7778/2014 by the Ministry of Education of the Czech Republic and also by the European Regional Development Fund under the Project CEBIA-Tech No. CZ.1.05/2.1.00/03.0089.

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Lukas Kralik.

Ethics declarations

Conflict of interest

None.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Kralik, L., Senkerik, R. & Jasek, R. Model for comprehensive approach to security management. Int J Syst Assur Eng Manag 7, 129–137 (2016). https://doi.org/10.1007/s13198-016-0420-8

Download citation

  • Received:

  • Revised:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13198-016-0420-8

Keywords

Navigation