Collaborative risk method for information security management practices: A case context within Turkey


ÖZKAN YILDIRIM S., Karabacak B.

INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT, vol.30, no.6, pp.567-572, 2010 (Peer-Reviewed Journal) identifier identifier

  • Publication Type: Article / Article
  • Volume: 30 Issue: 6
  • Publication Date: 2010
  • Doi Number: 10.1016/j.ijinfomgt.2010.08.007
  • Journal Name: INTERNATIONAL JOURNAL OF INFORMATION MANAGEMENT
  • Journal Indexes: Social Sciences Citation Index, Scopus
  • Page Numbers: pp.567-572
  • Keywords: ISO/IEC 27001:2005, ISO/IEC 27002:2005, Information security, Risk analysis, Flow chart, Case process approach, Information security governance, SYSTEM

Abstract

In this case study, a collaborative risk method for information security management has been analyzed considering the common problems encountered during the implementation of ISO standards in eight Turkish public organizations. This proposed risk method has been applied within different public organizations and it has been demonstrated to be effective and problem-free. The fundamental issue is that there is no legislation that regulates the information security liabilities of the public organizations in Turkey. The findings and lessons learned presented in this case provide useful insights for practitioners when implementing information security management projects in other international public sector organizations. (C) 2010 Elsevier Ltd. All rights reserved.