Author:
Cerqueira Junior Abinel Santiago,Arima Carlos Hideo
Abstract
With the advent of legislation and regulations in privacy and data protection, risk management provides information for organizations to plan actions and strategies in information security and cybersecurity. Thus, the use of international standards and references are utilized for the definition of programs and internal projects. This study aims to identify the motivations and goals for adoption of the ISO 27005 standard in organizations in productive systems. For the development of the research, a systematic literature review with the adoption of a protocol based on the PRISMA-P was conducted. The results achieved suggests that organizations seek to adopt ISO 27005 to attend functional and institutional motivations aiming to improve processes related to information security management, risk management, risk assessment, improve information security management and meet laws, regulations and stakeholders.
Publisher
South Florida Publishing LLC
Reference20 articles.
1. BRITISH STANDARD INSTITUTION – BSI. BS 7799-1:1995 - Information security management. Code of practice for information security management systems. United Kingdom: British Standards Institution, 1995.
2. BRITISH STANDARD INSTITUTION – BSI. BS 7799-1:1999 – Information security management. Code of practice for information security management systems. United Kingdom: British Standards Institution, 1999.
3. BRITISH STANDARD INSTITUTION – BSI. BS 7799-2:1999 – Information security management - Specification for information security management system. United Kingdom: British Standards Institution, 1999.
4. CULOT, Giovanna et al. The ISO/IEC 27001 information security management standard: literature review and theory-based research agenda. The TQM Journal, 2021.
5. ELING, Martin; WIRFS, Jan. What are the actual costs of cyber risk events?. European Journal of Operational Research, v. 272, n. 3, p. 1109-1119, 2019.
Cited by
4 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Integrating Risk Management Frameworks Into IT Governance Strategies;Advances in IT Standards and Standardization Research;2024-06-30
2. A Holistic Approach for Cyber Security Vulnerability Assessment Based on Open Source Tools: Nikto, Acunitx, ZAP, Nessus and Enhanced with AI-Powered Tool ImmuniWeb;2024 IEEE 4th International Maghreb Meeting of the Conference on Sciences and Techniques of Automatic Control and Computer Engineering (MI-STA);2024-05-19
3. CCAF, Continuous Cyber Assurance Framework;Advanced Sciences and Technologies for Security Applications;2024
4. Cyber Risk Evaluation for Android-based Devices;2023 IEEE Conference on Dependable and Secure Computing (DSC);2023-11-07