Abstract
This paper demonstrates a new approach to security management in companies. Currently, many companies manage individual security fields separately. The new approach is based on integrating all individual security fields into one security management system. The model proposed in this paper is based on the project “Possibilities of ITIL implementation in Commercial Security Industry”. The second part of the paper focuses on incident management, which is necessary for the proper functioning of the presented model. Finally, the paper proposes an evaluation method for security incidents.
Acknowledgments
This work was supported by Grant No. IGA/FAI/2015/039 from IGA (Internal Grant Agency) of Thomas Bata University in Zlin; further by financial support of research project NPU I No. MSMT-7778/2014 by the Ministry of Education of the Czech Republic and also by the European Regional Development Fund under the Project CEBIA-Tech No. CZ.1.05/2.1.00/03.0089.
Ethics declarations
Conflict of interest
None.
Cite this article
Kralik, L., Senkerik, R. & Jasek, R. Model for comprehensive approach to security management. Int J Syst Assur Eng Manag 7, 129–137 (2016). https://doi.org/10.1007/s13198-016-0420-8
DOI: https://doi.org/10.1007/s13198-016-0420-8