Title : 
Designing a Security Policy According to BS 7799 Using the OCTAVE Methodology
         
        
            Author : 
Paulina, Januszkiewicz ; Marek, Pyka
         
        
            Author_Institution : 
Acad. of Bus., Dąbrowa Górnicza
         
        
        
        
        
        
            Abstract : 
In this article, the authors discuss a methodology that improves the decision-making process for issues of information protection and management within a company. The authors describe the OCTAVE methodology (Operationally Critical Threat, Asset, and Vulnerability Evaluation), including examples, and refer to many legal regulations. The use of OCTAVE in the process of creating a security policy is analyzed. The article aims to present a methodology that is successfully used in Western European countries and to prove that it can be adapted for implementation in other countries, fitting well into the policies of various institutions. The authors wish to make the guidelines for creating a security policy and deploying security measures within institutions more accessible.
         
        
            Keywords : 
information management; legislation; security of data; BS 7799; OCTAVE methodology; asset evaluation; information management; information protection; legal regulation; security measures; security policy design; threat evaluation; vulnerability evaluation; Companies; Costs; Data security; Hardware; Information management; Information security; Law; Legal factors; Protection; Risk management;
         
        
        
        
            Conference_Title : 
Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
         
        
            Conference_Location : 
Vienna
         
        
            Print_ISBN : 
0-7695-2775-2
         
        
        
            DOI : 
10.1109/ARES.2007.69