SECURITY RISK MANAGEMENT MODEL
Journal Title: FBIM Transactions - Year 2019, Vol 0, Issue 2
Abstract
Worldwide there are many developed models for managing security risks. Within this thesis, the developed model with eight phases will be represented. The phase “Business System Identification” should identify all objects of a business system, the activities realized within it, and employees, because these potentially can be jeopardized by some threat. Therefore, it is necessary to make an estimation why and how a potential unpredictable event could influence a business system and all of its resources, as well as it should be determined whether potential unpredictable event, which could cause certain threat, represents the event which would cause damage which business system must not allow, or a specific potential event is irrelevant for it. In the phase “Threat Estimation” potential specific threats and situations in which these may occur are predicted. In this phase, the security risk estimation is not made, but the necessary information and instructions that will be used for the estimate are gathered. “Vulnerability Estimation“ is the phase of a security risk management model in which the strength and weakness of a business system should be recognized, related to security measures which protect the system from the surrounding influences. In the next phase, the security risk estimate is realized. All available, relevant (direct and indirect) security-related information are combined, in order to identify potential influence and the probability of the occurrence of a potential threat on the business system, i.e. to get the current level of security risk. In the phase “Security Measures and Strategies“ their development and creation are realized, in order to accomplish the reduction of probable occurrence of security risk and its harmful (dangerous) influence by their application. In the phase „Decision Making“ it is necessary to bring the decisions related to priorities, logistics support, timelines, financials, etc. This phase is realized in three steps, as follows: (1) Procedures for reducing the security risk to an acceptable level, (2) Priorities setting, and (3) Approving of financials and necessary resources. After this phase, the preparation and implementation of developed security measures are realized by this model. In the end, the evaluation of everything done is made, potentially, necessary corrections are realized, as well as the preparation for future modernization of security measures and strategies is made.
Authors and Affiliations
Nemanja Jovanov, Nikola Glodjovic, Goran Jovanov
Keywords
Related Articles
- EP ID EP655974
- DOI 10.12709/fbim.07.07.02.06
- Views 54
- Downloads 0
TECHNICAL SPECIALISM OF HUMAN RESOURCES AS CONDITION FOR DEVELOPMENT OF SMES IN SERBIA
Technical progress and adequate staff profiling are two essential conditions for the development of forces of production, in one company ande country alike. The competitive advantage of SME-s grouped in to the sectors wi...
METODOLOGIJA ANALIZA MEDIJSKIH SADRŽAJA U MEDIJA MONITORING ORGANIZACIJAMA PRI DELIMIČNOJ DIGITALIZACIJI
U radu je predstavljen model organizacije preduzeća za monitoring medija pri delimičnoj digitalizaciji štampanih medija, sa akcentom na sektor analiza medijskih sadržaja. Organizaciona struktura i funkcionisanje preduzeć...
IMPROVING INFORMATION SYSTEMS BY USE OF Wi-Fi STANDARD
This paper presents the importance of using Wi-Fi technology and other IT equipment in business organizations. The use of new technologies and equipment has led to the improvement of information systems. The Wi-Fi standa...
RESEARCH ON THE DEVELOPMENT PATH OF NINGBO TRANSPORTATION EQUIPMENT MANUFACTURING INDUSTRY IN 16 CEEC
Ningbo's transportation equipment manufacturing enterprises have reached the world's leading level in technology, but the CEEC, whose economic level surpasses our country, are lagging behind in terms of transportation in...
IT COURT EXPERT BETWEEN SCYLLA AND CHARYBDIS
Accepting expertise in IT, the court expert encounters with numerous: moral, professional, and is understood by objective problems. In this paper we will try to explain the mentioned problems by offering solutions from o...