Model for comprehensive approach to security management

Abstract

This paper demonstrates new approach to security management in companies. Currently, many companies manage individual security fields separately. New approach is based on integration of all individual security fields into one security management system. Proposed model in this paper is based on the project “Possibilities of ITIL implementation in Commercial Security Industry”. Second part of this paper is focused on incident management. It is necessary for proper function of presented model. Also at the end, there is a proposal of evaluation method for security incidents.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5

References

  1. Czech Republic (2014) Law nr. 181/2014 sb. Cyber Security Law

  2. International Organization for Standardization (2004) ISO/IEC TR 18044:2004—information technology—security techniques—information security incident management

  3. International Organization for Standardization (2005) ISO/IEC 27001—technology-security techniques—information security management systems-requirements

  4. ITIL (2011a) Continual service improvement [online], 2 edn. TSO, London, xi, 246 s. [cit. 2013-07-22]. Best Management Practice. ISBN 978-0-11-331308-2. Dostupné z: http://www.best-management-practice.com

  5. ITIL (2011b) Service transition [online], 2 edn. TSO, London, xii, 347 s. [cit. 2013-07-22]. Best Management Practice. ISBN 978-0-11-331306-8. Dostupné z: http://www.best-management-practice.com

  6. ITIL (2011c) Service design [online], 2 edn. TSO, London, xi, 442 s. [cit. 2013-07-22]. Best Management Practice. ISBN 978-0-11-331305-1. Dostupné z: http://www.best-management-practice.com

  7. ITIL (2011d) Service operation [online], 2 edn. TSO, London, xi, 370 s. [cit. 2013-07-22]. Best Management Practice. ISBN 978-0-11-331307-5. Dostupné z: http://www.best-management-practice.com

  8. Jasek R, Szmit A, Szmit M (2013) Usage of modern exponential-smoothing models in network traffic modelling. In: Nostradamus 2013: prediction, modeling and analysis of complex systems. Springer, Berlin, pp 435–444. ISSN 2194-5357. ISBN 978-3-319-00541-6

  9. Jasek R, Kolarik M, Vymola T (2013) APT detection system using honeypots. In Proceedings of the 14th WSEAS international conference on automation & information (ICAI’13). WSEAS Press, Montreux, pp 25–29. ISSN 1790-5117. ISBN 978-960-474-316-2

  10. Kralik L, Senkerik R (2014) Proposal for security management system. In: Recent advances in electrical engineering and educational technologies. Proceedings of the 2nd international conference on systems, control and informatics (SCI 2014), Athens, pp 77–80. ISBN 978-1-61804-254-5

  11. Li M, Tang M (2013) Information security engineering: a framework for research and practices. Int J Comput Commun Control 8(4):578–587

    Article  Google Scholar 

  12. Lukas L, Cahlík M, Kralik L (2012) Protection of data centers—physical protection. In: Recent advances in information science: proceedings of the 3rd European conference of computer science (ECCS’12). WSEAS Press, Paris, France, pp 171–176. ISBN 978-1-61804-140-1, ISSN 1790-5109

  13. NIST (2012) Special publication 800-61—computer security incident handling guide, Revision 2: 800-861

  14. Prislan K, Bernik I (2010) Risk management with ISO 27000 standards in information security. In: Advances in E-activities, information security and privacy. WSEAS Press, Venezuela. ISBN: 978-960-474-258-5

  15. Tang M, Li M, Zhang T (2016) The impacts of organizational culture on information security culture: a case study. Inf Technol Manag

  16. Wan-Soo L, Sang-Soo J (2009) A study on information management model for small and medium enterprises. In: Recent advances in E-activities, information security and privacy. WSEAS Press, Spain. ISSN: 1790-5117. ISBN: 978-960-474-143-4

Download references

Acknowledgments

This work was supported by Grant No. IGA/FAI/2015/039 from IGA (Internal Grant Agency) of Thomas Bata University in Zlin; further by financial support of research project NPU I No. MSMT-7778/2014 by the Ministry of Education of the Czech Republic and also by the European Regional Development Fund under the Project CEBIA-Tech No. CZ.1.05/2.1.00/03.0089.

Author information

Affiliations

Authors

Corresponding author

Correspondence to Lukas Kralik.

Ethics declarations

Conflict of interest

None.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Kralik, L., Senkerik, R. & Jasek, R. Model for comprehensive approach to security management. Int J Syst Assur Eng Manag 7, 129–137 (2016). https://doi.org/10.1007/s13198-016-0420-8

Download citation

Keywords

  • Security management
  • Incident management
  • Security
  • Model
  • Integration