DOIONLINE

DOIONLINE NO - IJASEAT-IRAJ-DOIONLNE-14299

Publish In
International Journal of Advances in Science, Engineering and Technology(IJASEAT)-IJASEAT
Journal Home
Volume Issue
Issue
Volume-6, Issue-4  ( Oct, 2018 )
Paper Title
Cyber Security: Risk Management - In Context of ISO 2700X -
Author Name
Sabhi Chaimae, Elchgar Hicham, Mohammed Kachkouch Soussi, Chaoui Habiba
Affilition
Master student: Security of Information Systems: National School of Applied Sciences Kenitra, Morocco IT6 Director: http://www.it6.ma/,37, Angle Avenue Fal ould Oumeir ET rue Oukeimeden Appt 4, Agdal - Rabat, Morocco. Information Security Consultant at IT6 Consulting: Telecommunications & networks engineer. Systems Engineering Laboratory, National School of Applied Sciences Kenitra, Morocco, http://www.ensa.uit.ac.ma
Pages
159-165
Abstract
Information systems are ubiquitous today in all businesses. The computer security of these systems must protect them from many threats of various origins. Risk management can determine, based on the vulnerability of the system, its criticality for each of these threats. It then makes it possible to propose the necessary and sufficient solutions to reduce the risks to an acceptable residual level. The purpose of this article is to discuss the issue of cybersecurity within an organization and to analyze risk management activities across selected ISO standards to provide the basis for improving risk management in information systems. Then we discuss the different methodologies / tools for evaluating and managing the risks associated with information and its treatments. We also present an example based on ISO27001 set for risk assessment and risk management. The results of this research indicate that successful risk management helps protect the cyber-attack information system. Keywords - Cyber Security, Risk Management, ISO Standards, Mehrai, Ebios, Risk Analysis, Standard Organisation, Information Security, ISO 27001.
  View Paper