SPRING DISCOUNT
Get 30% off on toolkits, course exams, and books.
Limited-time offer – ends May 26, 2022
Use promo code:
SPRING30

Expert Advice Community

Guest

Security concepts

  Quote
Guest
Guest user Created:   Feb 08, 2022 Last commented:   Feb 08, 2022

Security concepts

I am a PhD researcher and I am looking for useful security concepts for my research. I want to see which ISO framework do you think can be useful as a basis for finding useful security concepts. My research is to provide a framework that helps organizations identify security concepts at the governance and management levels. I am hesitating between ISO 27000 and ISO 27001 and ISO 27014. I would appreciate your help with this regards!
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Feb 08, 2022

I’m considering that when you mention “security concepts”, and the listed standards, you mean “information security” concepts.

Considering that, the three standards can be useful to you because together they cover concepts for both governance and management of information security:
- ISO 27000 covers the general concepts about information security
- ISO 27001 presents concepts related to information security management, i.e., how to identify and treat information security risks, and this standard requires the engagement of management
- ISO 27014 covers concepts of Information Security Governance, i.e., on how to evaluate, direct, monitor, and communicate the information security-related activities within the organization

You can also check this doctoral thesis from Dejan Kosutic that describes a holistic approach to cybersecurity management through a socio-technical system that balances strategic, organizational, risk & technology, and people aspects: https://www.researchgate.net/publication/357826918_The_Impact_of_Cybersecurity_on_Competitive_Advantage

For further information, see:
- Should information security focus on asset protection, compliance, or corporate governance? https://advisera.com/27001academy/blog/2017/03/13/information-security-focus-asset-protection-compliance-corporate-governance/
- Integration of Information Security, IT and Corporate Governance https://info.advisera.com/27001academy/free-download/integration-of-information-security-it-and-corporate-governance

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Feb 08, 2022

Feb 08, 2022

Suggested Topics