Security Risk Management Approach for Improving Information Security Return of Investment

  • Conference paper
Recent Developments in Data Science and Business Analytics

Abstract

In particular, when an organisation's competitors win business, the reason is that they have gained the organisation's sensitive and important data. This happens as a result of a local employee acting as an agent inside the organisation, or because of a persistent threat attack. Data sharing, data protection, data retention, data risk management, and personnel physical security are the responsibilities of the organisation's Chief Security Officer (CSO), who solves intellectual property theft problems before and when they occur by combining the approaches of Information Risk Management (IRM) and Information Security Governance (ISG). In this paper, we propose a novel security management approach that improves information security return of investment.


Author information

Correspondence to Xichun Li.

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

Cite this paper

Li, X., Al-Shawabkeh, M., Li, Z. (2018). Security Risk Management Approach for Improving Information Security Return of Investment. In: Tavana, M., Patnaik, S. (eds) Recent Developments in Data Science and Business Analytics. Springer Proceedings in Business and Economics. Springer, Cham. https://doi.org/10.1007/978-3-319-72745-5_22
