Abstract
As the high increase usage of technology, the higher the risks that are associated with it. Therefore, it has become a necessity for organizations to rely on an information security risk management framework as a defense mechanism against these risks. This paper discusses information security risk management approaches available with an emphasis on the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27005 method to propose an information security risk management framework that suits a governmental educational institute in Saudi Arabia. This framework will be designed and implemented for a governmental educational institute that lacks adequate information security risk management while being out of compliance with Saudi Arabia’s Essential Cybersecurity Controls (ECC). In this framework, 34 application assets have been analyzed and 37 controls have been recommended in order to meet the minimum requirements of ECC.
Metadata
Item Type: | Article |
---|---|
Creators: | Creators Email / ID Num. Al-Mudaires, Fajer UNSPECIFIED Al-Samawi, Aida aalsamawi@kfu.edu.sa Aljughaiman, Ahmed UNSPECIFIED Nissirat, Liyth UNSPECIFIED |
Subjects: | Z Bibliography. Library Science. Information Resources > Library Science. Information Science Z Bibliography. Library Science. Information Resources > ZA Information resources (General) > Information services. Information centers |
Divisions: | Universiti Teknologi MARA, Selangor > Puncak Perdana Campus > Faculty of Information Management |
Journal or Publication Title: | Journal of Information and Knowledge Management (JIKM) |
UiTM Journal Collections: | UiTM Journal > International Journal of Information and Knowledge Management (JIKM) |
ISSN: | ISSN:2231-8836 ; E-ISSN:2289-5337 |
Volume: | 13 |
Number: | 1 |
Page Range: | pp. 36-54 |
Keywords: | Information security risk management, ISO/IEC 27005, ECC, regulatory compliance, information management |
Date: | April 2023 |
URI: | https://ir.uitm.edu.my/id/eprint/77315 |