• DocumentCode
    2416036
  • Title

    Designing a Security Policy According to BS 7799 Using the OCTAVE Methodology

  • Author

    Paulina, Januszkiewicz ; Marek, Pyka

  • Author_Institution
    Acad. of Bus., Dqbrowa Gornicza
  • fYear
    2007
  • fDate
    10-13 April 2007
  • Firstpage
    715
  • Lastpage
    722
  • Abstract
    In the article, authors conduct a discussion concerning a methodology that improves the decision making process for the issues of information protection and management within a company. Authors describe the OCTAVE methodology (the operationally critical threat, asset, and vulnerability evaluation), including examples and refer to many legal regulations. Usage of OCTAVE in the process of creating a security policy is being subject to analysis. The article aims at presenting a methodology, which is successfully used in Western-European countries and proving that it can be adapted for implementations in other countries, fitting well into the policies of various institutions. The authors wish to bring closer the guidelines for creating a security policy and deploying security measures within institutions
  • Keywords
    information management; legislation; security of data; BS 7799; OCTAVE methodology; asset evaluation; information management; information protection; legal regulation; security measures; security policy design; threat evaluation; vulnerability evaluation; Companies; Costs; Data security; Hardware; Information management; Information security; Law; Legal factors; Protection; Risk management;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Availability, Reliability and Security, 2007. ARES 2007. The Second International Conference on
  • Conference_Location
    Vienna
  • Print_ISBN
    0-7695-2775-2
  • Type

    conf

  • DOI
    10.1109/ARES.2007.69
  • Filename
    4159867
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2416036