TY - JOUR
T1 - A huiristic method for information scaling in manufacturing organizations
AU - Rezaei, Ghasem
AU - Ansari, Majid
AU - Memari, Ashkan
AU - Zahraee, Seyed Mojib
AU - Shaharoun, Awaluddin Mohamed
PY - 2014
Y1 - 2014
N2 - Protecting information assets is very vital to the core survival of an organization. By increasing in cyber-attacks and viruses worldwide, it has become essential for organizations to adopt innovative and rigorous procedures to keep these vital assets out of the reach of exploiters. Although worldwide complying with an international information security standard such as ISO 27001 has been raised, with over 7000 registered certificates, few Iranian companies are under ISO 27001 certified. Also organization needs to perform a risk assessment in order to determine the organization's asset exposure to risk and determine the best way to manage this. The determination of risk within the methodology is based upon the standard formula, which the risk is calculated from the multiplication of the asset value, threats and vulnerability. The ISO 27001 requires is that 'An appropriate risk assessment shall be undertaken'. One of the main factors for risk assessment is identifying and scoring of Information asset in this process. Due to different values of asset in organizations, the main purpose of this study is to identify and investigate a weighted method to assign different values of assets in order to minimize vulnerability in manufacturing systems. This study also aims at improving asset value scoring by using heuristic methods. A real world case study was selected for implementation of this approach based on ISO27001 in Iran.
AB - Protecting information assets is very vital to the core survival of an organization. By increasing in cyber-attacks and viruses worldwide, it has become essential for organizations to adopt innovative and rigorous procedures to keep these vital assets out of the reach of exploiters. Although worldwide complying with an international information security standard such as ISO 27001 has been raised, with over 7000 registered certificates, few Iranian companies are under ISO 27001 certified. Also organization needs to perform a risk assessment in order to determine the organization's asset exposure to risk and determine the best way to manage this. The determination of risk within the methodology is based upon the standard formula, which the risk is calculated from the multiplication of the asset value, threats and vulnerability. The ISO 27001 requires is that 'An appropriate risk assessment shall be undertaken'. One of the main factors for risk assessment is identifying and scoring of Information asset in this process. Due to different values of asset in organizations, the main purpose of this study is to identify and investigate a weighted method to assign different values of assets in order to minimize vulnerability in manufacturing systems. This study also aims at improving asset value scoring by using heuristic methods. A real world case study was selected for implementation of this approach based on ISO27001 in Iran.
UR - http://www.scopus.com/inward/record.url?scp=84903769901&partnerID=8YFLogxK
U2 - 10.11113/jt.v69.3150
DO - 10.11113/jt.v69.3150
M3 - Article
AN - SCOPUS:84903769901
SN - 0127-9696
VL - 69
SP - 87
EP - 91
JO - Jurnal Teknologi (Sciences and Engineering)
JF - Jurnal Teknologi (Sciences and Engineering)
IS - 3
ER -