Collaborative risk method for information security management practices: A case context within Turkey


ÖZKAN YILDIRIM S., Karabacak B.

INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT, vol.30, no.6, pp.567-572, 2010 (SSCI)

  • Publication Type: Article / Full Article
  • Volume: 30 Issue: 6
  • Publication Date: 2010
  • DOI Number: 10.1016/j.ijinfomgt.2010.08.007
  • Journal Name: INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT
  • Journal Indexes: Social Sciences Citation Index (SSCI), Scopus
  • Page Numbers: pp.567-572
  • Keywords: ISO/IEC 27001:2005, ISO/IEC 27002:2005, Information security, Risk analysis, Flow chart, Case process approach, Information security governance, SYSTEM
  • Affiliated with Middle East Technical University: Yes

Abstract

In this case study, a collaborative risk method for information security management has been analyzed considering the common problems encountered during the implementation of ISO standards in eight Turkish public organizations. This proposed risk method has been applied within different public organizations and it has been demonstrated to be effective and problem-free. The fundamental issue is that there is no legislation that regulates the information security liabilities of the public organizations in Turkey. The findings and lessons learned presented in this case provide useful insights for practitioners when implementing information security management projects in other international public sector organizations. (C) 2010 Elsevier Ltd. All rights reserved.