Risk Analysis in the ISO27001 Information Security Management System

Abstract

Security risks related to information and information technologies have increased in parallel with technological progress, and knowledge has become the most important asset for individuals and institutions today. Protecting the confidentiality, integrity and availability of knowledge during its production, processing, transmission and storage has also become an important issue. In this study, the following are defined: the risks faced by the information assets of the organization or institution, the processes affected by the risks and the internal and external parties related to them, the affected assets and locations, the probability of risk, the effect on confidentiality, integrity and accessibility, the value of assets, and the probability of creating threats to work effects. A software prototype is designed and developed to track and manage the risks and the relevant controls. The most important factors have been considered in order to achieve a proper information security model and construct an information security management system (ISMS) for the organization. A risk methodology is designed, implemented and documented, and risk analysis is conducted on these assets and processes by using these documents.


Editor: H. Kemal İlter, Ankara Yıldırım Beyazıt University, Turkey
Received: August 19, 2018, Accepted: October 18, 2018, Published: November 10, 2018

Copyright: © 2018 IMISC Durankaya et al. This is an open-access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.