Title :
Physical and logical Security Risk Analysis model
Author :
Peciña, Koldo ; Bilbao, Alfonso ; Bilbao, Enrique
Author_Institution :
S21Sec, Alcobendas, Spain
Abstract :
This paper describes the problem of carrying out a physical and logical Security Risk Analysis for an enterprise or Administration organism, considering the management and treatment of both kinds of risks by a new Security department that sprang from the convergence of the old physical and logical Security departments. This paper presents a Risk Analysis methodology that makes it possible to comply with the ISO 31000 standard (for physical security) and ISO 27001 standard (for logical security) methodologies, analyzing simultaneously both information and physical assets treatment processes. The paper will focus on the basis and steps followed by the method, and the relation between them and the AS/NZS 4360 standard. This methodology has been successfully used on industrial installations and various buildings.
Keywords :
ISO standards; business data processing; security of data; AS-NZS 4360 standard; ISO 27001 standard; ISO 31000 standard; administration organism; enterprise; logical security risk; physical security risk; security department; security risk analysis model; Explosives; ISO standards; Information security; Organizations; Risk management; ISO 27001; ISO 31000; Physical and Logical Security convergence; Risk Analysis; Risk Management; automatic risk calculation and evaluation;
Conference_Title :
Security Technology (ICCST), 2011 IEEE International Carnahan Conference on
Conference_Location :
Barcelona
Print_ISBN :
978-1-4577-0902-9
DOI :
10.1109/CCST.2011.6095895