مقاله انگلیسی رایگان در مورد درک مهارت های کلیدی برای مدیران امنیت اطلاعات – الزویر 2018

 

مشخصات مقاله
ترجمه عنوان مقاله درک مهارت های کلیدی برای مدیران امنیت اطلاعات
عنوان انگلیسی مقاله Understanding key skills for information security managers
انتشار مقاله سال 2018
تعداد صفحات مقاله انگلیسی 8 صفحه
هزینه دانلود مقاله انگلیسی رایگان میباشد.
پایگاه داده نشریه الزویر
نوع نگارش مقاله
مقاله پژوهشی (Research article)
مقاله بیس این مقاله بیس نمیباشد
نمایه (index) scopus – master journals – JCR
نوع مقاله ISI
فرمت مقاله انگلیسی  PDF
ایمپکت فاکتور(IF)
4.516 در سال 2017
شاخص H_index 82 در سال 2018
شاخص SJR 1.373 در سال 2018
رشته های مرتبط مهندسی کامپیوتر
گرایش های مرتبط امنیت اطلاعات
نوع ارائه مقاله
ژورنال
مجله / کنفرانس مجله بین المللی مدیریت اطلاعات – International Journal of Information Management
دانشگاه Information System Engineering – Atilim University – Turkey
کلمات کلیدی مدیریت امنیت اطلاعات، مهارت های امنیتی، مدیر امنیت اطلاعات، گواهینامه های امنیتی
کلمات کلیدی انگلیسی Information security management, Security skills, Information security manager, Security certifications
شناسه دیجیتال – doi
https://doi.org/10.1016/j.ijinfomgt.2018.07.013
کد محصول E10211
وضعیت ترجمه مقاله  ترجمه آماده این مقاله موجود نمیباشد. میتوانید از طریق دکمه پایین سفارش دهید.
دانلود رایگان مقاله دانلود رایگان مقاله انگلیسی
سفارش ترجمه این مقاله سفارش ترجمه این مقاله

 

فهرست مطالب مقاله:
Highlights
Abstract
Keywords
1 Introduction
2 Literature review
3 Methodology and case study
4 Implementation and findings
5 Discussion and implications
6 Conclusions
Appendix A
References

بخشی از متن مقاله:
ABSTRACT

Information security management is a necessity for all institutions and enterprises that regard company information as valuable assets. Developing, auditing and managing information security depends upon professional expertise in order to achieve the desired information security governance. This research seeks the key skills required for the position of information security management as well as the methods to develop these skills through professional training programs. The study adopts the Delphi method which requires building a list of items through a literature survey and involves experts with certain expertise to modify the list until a consensus on less than 20% of the items is reached. Through completing three rounds of the Delphi technique – data collection, relevance voting and ranking – sixteen skills are shortlisted as the key skills. In the final list, the majority belong to core information security skills, and the top two skills belong to project/process management skills and risk management skills, indicating the importance of these skills for the information security manager role. In addition, a series of related professional training programs and certifications are surveyed, the outcome of which highlights a number of most comprehensive and appropriate programs to develop these determined skills.

Introduction

An Information Security Management System (ISMS) is a set of standards, by which companies can protect their vital information assets in certain industries such as healthcare (Gardiyawasam Pussewalage & Oleshchuk, 2016) and finance (Roumania, Nwankpab, & Roumani, 2016). It mainly focuses on closing the gap in the security systems and processes through risk management (Bojanc & JermanBlazic, 2008; Silva, De Gusmão, Poleto, Silva, & Costa, 2014). Moreover, the process was standardized via the ISO/IEC 27001:2005 (later, revised by ISO/IEC 27001:2013) based on the British Standards BS 7799 and developed by the UK’s Department of Trade and Industry (Humphreys, 2016). The implementation of ISO/IEC 27001 is based on examining various core concepts that are treated either solely or combined, and includes the context of organizations, issues, risks, opportunities, interested parties, leadership, threats, communication, documented information, performance evaluation, risk owners, risk treatment plans, controls, and continual improvement. In this respect, risk management plays a major role in implementing this standard as it should always be planned, controlled and assessed. Information security provides a way to protect the valuable assets of any organization, especially the ones that hold sensitive information. It is based on three main principles, which are (ISO/IEC, 2013): 1 Confidentiality: preventing unauthorized access to sensitive data; 2 Integrity: truthfulness of the data, which cannot be modified without authorization; and 3 Availability: accessibility of the data whenever it is requested by authorized personnel. Information security owes its importance to several issues, especially from the legal point of view. As governmental services increasingly become online day by day, a large amount of vital information about individuals and governments could be at risk in different parts of the world without the presence of security systems (Ozkan & Karabacak, 2010; Saarenpaa, 2008). Studies show that, in an organization, there are many business-related highlights to be considered in ISMS which include, and are not limited to: 1 Preserving information within the organization in order to maintain competitiveness in the market; 2 Sustaining growth by making the needed information available at all times to the company’s decision-makers; and 3 Enhancing communication systems within the organization to support efforts towards stability (Wawak, 2010).

دیدگاهتان را بنویسید

نشانی ایمیل شما منتشر نخواهد شد. بخش‌های موردنیاز علامت‌گذاری شده‌اند *

دکمه بازگشت به بالا