Please use this identifier to cite or link to this item:
Title: Developing a Risk Analysis Strategy Framework for Impact Assessment in Information Security Management Systems: A Case Study in IT Consulting Industry
Authors: Kitsios, Fotis
Chatzidimitriou, Elpiniki
Kamariotou, Maria
Type: Article
Subjects: FRASCATI::Social sciences
FRASCATI::Engineering and technology
Keywords: information security management system (ISMS)
ISO 27001
software consulting company
risk analysis
impact assessment
Issue Date: 24-Jan-2022
Source: Sustainability
Volume: 14
Issue: 3
First Page: 1269
Abstract: Organizations must be committed to ensuring the confidentiality, availability, and integrity of the information in their possession to manage legal and regulatory obligations and to maintain trusted business relationships. Information security management systems (ISMSs) support companies to better deal with information security risks and cyber-attacks. Although there are many different approaches to successfully implementing an ISMS in a company, the most important and time-consuming part of establishing an ISMS is a risk assessment. The purpose of this paper was to develop a risk assessment framework that a company followed in the information technology sector to conduct the risk assessment process to comply with International Organization for Standardization (ISO) 27001. The findings analyze the conditions that force organizations to invest in protecting information and the benefits they can derive from this process. In particular, the paper delves into a multinational IT consulting services company that undertakes and implements large business support installation and customization projects. It explains the risk assessment process and the management of the necessary configurations so that its functions are acceptable and in line with information security standards. Finally, it presents the difficulties and challenges encountered.
ISSN: 2071-1050
Other Identifiers: 10.3390/su14031269
Appears in Collections:Department of Applied Informatics

This item is licensed under a Creative Commons License Creative Commons