dc.contributor.author | Nykänen, Riku | |
dc.contributor.author | Kärkkäinen, Tommi | |
dc.date.accessioned | 2015-10-28T06:34:07Z | |
dc.date.available | 2015-10-28T06:34:07Z | |
dc.date.issued | 2014 | |
dc.identifier.citation | Nykänen, R., & Kärkkäinen, T. (2014). Aligning Two Specifications for Controlling Information Security. International Journal of Cyber Warfare and Terrorism, 4(2), 46-62. https://doi.org/10.4018/ijcwt.2014040104 | |
dc.identifier.other | CONVID_24571053 | |
dc.identifier.other | TUTKAID_65344 | |
dc.identifier.uri | https://jyx.jyu.fi/handle/123456789/47476 | |
dc.description.abstract | Assuring information security is a necessity in modern organizations. Many recommendations for information security management exist, which can be used to define a baseline of information security requirements. ISO/IEC 27001 prescribes a process for an information security management system, and guidance to implement security controls is provided in ISO/IEC 27002. Finnish National Security Auditing Criteria (KATAKRI) has been developed by the national authorities in Finland as a tool to verify maturity of information security practices. KATAKRI defines both security control objectives and security controls to meet an objective. Here the authors compare and align these two specifications in the process, structural, and operational level, focusing on the security control objectives and the actual controls. Even if both specifications share the same topics on high level, the results reveal the differences in the scope and in the included security controls. | |
dc.language.iso | eng | |
dc.publisher | IGI Global | |
dc.relation.ispartofseries | International Journal of Cyber Warfare and Terrorism | |
dc.subject.other | information security | |
dc.subject.other | ISO/IEC 27001 | |
dc.subject.other | ISO/IEC 27002 | |
dc.subject.other | KATAKRI | |
dc.subject.other | security audit criteria | |
dc.subject.other | security certification | |
dc.subject.other | security controls | |
dc.subject.other | security management | |
dc.subject.other | security specification alignment | |
dc.title | Aligning Two Specifications for Controlling Information Security | |
dc.type | article | |
dc.identifier.urn | URN:NBN:fi:jyu-201503021399 | |
dc.contributor.laitos | Tietotekniikan laitos | fi |
dc.contributor.laitos | Department of Mathematical Information Technology | en |
dc.contributor.oppiaine | Tietotekniikka | fi |
dc.contributor.oppiaine | Mathematical Information Technology | en |
dc.type.uri | http://purl.org/eprint/type/JournalArticle | |
dc.date.updated | 2015-03-02T16:30:20Z | |
dc.type.coar | journal article | |
dc.description.reviewstatus | peerReviewed | |
dc.format.pagerange | 46-62 | |
dc.relation.issn | 1947-3435 | |
dc.relation.numberinseries | 2 | |
dc.relation.volume | 4 | |
dc.type.version | publishedVersion | |
dc.rights.copyright | © 2014 IGI Global. Published in this repository with the kind permission of the publisher. | |
dc.rights.accesslevel | openAccess | fi |
dc.relation.doi | 10.4018/ijcwt.2014040104 | |