Aligning Two Specifications for Controlling Information Security
Nykänen, R., & Kärkkäinen, T. (2014). Aligning Two Specifications for Controlling Information Security. International Journal of Cyber Warfare and Terrorism, 4(2), 46-62. https://doi.org/10.4018/ijcwt.2014040104
Published in
International Journal of Cyber Warfare and Terrorism
Date
2014
Copyright
© 2014 IGI Global. Published in this repository with the kind permission of the publisher.
Assuring information security is a necessity in modern organizations. Many recommendations for information security management exist, which can be used to define a baseline of information security requirements. ISO/IEC 27001 prescribes a process for an information security management system, and guidance to implement security controls is provided in ISO/IEC 27002. The Finnish National Security Auditing Criteria (KATAKRI) has been developed by the national authorities in Finland as a tool to verify the maturity of information security practices. KATAKRI defines both security control objectives and the security controls to meet an objective. Here the authors compare and align these two specifications at the process, structural, and operational levels, focusing on the security control objectives and the actual controls. Even though both specifications share the same topics at a high level, the results reveal differences in the scope and in the included security controls.
Publisher
IGI Global
ISSN
1947-3435
Publication in research information system
https://converis.jyu.fi/converis/portal/detail/Publication/24571053