research-article

Sector-Specific Tool for Information Security Risk Management in the Context of Telecommunications Regulation (Tool demo)

Authors:

Nicolas Mayer,

Jocelyn AubertAuthors Info & Claims

SIN '14: Proceedings of the 7th International Conference on Security of Information and Networks

Pages 85 - 88

https://doi.org/10.1145/2659651.2659665

Published: 09 September 2014 Publication History

Get Access

Abstract

The current European regulation on public communications networks requires that Telecommunications Service Providers (TSPs) take appropriate technical and organisational measures to manage the risks posed to security of networks and services. After having adapted generic Information Security Risk Management (ISRM) process and practices to the telecommunications sector, these methodological aspects are integrated in a supporting tool dedicated to the TSPs. The objective of this paper is to present the features and our approach for fine-tuning TISRIM, our ISRM tool, to the telecommunications sector.

References

[1]

Dekker, M. and Karsberg, C. 2013. Technical Guideline on Security Measures - Technical guidance on the security measures in Article 13a. ENISA (The European Network and Information Security Agency).

Google Scholar

[2]

ISO 31000 2009. Risk management -- Principles and guidelines. International Organization for Standardization.

Google Scholar

[3]

ISO/IEC 27005 2011. Information technology -- Security techniques -- Information security risk management. International Organization for Standardization.

Google Scholar

[4]

Mayer, N. A Cluster Approach to Security Improvement according to ISO/IEC 27001.

Google Scholar

[5]

Mayer, N. et al. 2013. Sector-Based Improvement of the Information Security Risk Management Process in the Context of Telecommunications Regulation. Systems, Software and Services Process Improvement. F. McCaffery et al., eds. Springer Berlin Heidelberg. 13--24.

Google Scholar

[6]

Official Journal of the European Union 2009. Directive 2009/140/EC of the European Parliament and of the Council of 25 November 2009.

Google Scholar

Cited By

View all

Sánchez-García IMejía JSan Feliu Gilabert T(2022)Cybersecurity Risk Assessment: A Systematic Mapping Review, Proposal, and ValidationApplied Sciences10.3390/app1301039513:1(395)Online publication date: 28-Dec-2022
https://doi.org/10.3390/app13010395
Mayer NAubert JGrandry EFeltus CGoettelmann EWieringa R(2019)An integrated conceptual model for information system security risk management supported by enterprise architecture managementSoftware and Systems Modeling (SoSyM)10.1007/s10270-018-0661-x18:3(2285-2312)Online publication date: 18-Jul-2019
https://dl.acm.org/doi/10.1007/s10270-018-0661-x
Grandry EFeltus CDubois E(2018)A Risk Integration Framework for the Service-Oriented EnterpriseInternational Journal of Information Systems in the Service Sector10.4018/IJISSS.201807010110:3(1-19)Online publication date: 1-Jul-2018
https://dl.acm.org/doi/10.4018/IJISSS.2018070101
Show More Cited By

Index Terms

Sector-Specific Tool for Information Security Risk Management in the Context of Telecommunications Regulation (Tool demo)
1. Security and privacy
2. Social and professional topics
  1. Computing / technology policy
    1. Computer crime

Recommendations

Defining measurements for analyzing information security risk reports in the telecommunications sector
SAC '16: Proceedings of the 31st Annual ACM Symposium on Applied Computing

It is clearly acknowledged that to consider an Information System (IS) as fully secure, although desirable, this is not achievable. In this context, risk management is becoming both a key aspect and the main trust vector which is particularly included in ...
Taxonomy of information security risk assessment (ISRA)

Information is a perennially significant business asset in all organizations. Therefore, it must be protected as any other valuable asset. This is the objective of information security, and an information security program provides this kind of ...
A Methodology for Mobile Network Security Risk Management
ITNG '09: Proceedings of the 2009 Sixth International Conference on Information Technology: New Generations

Based on the risk analysis done in the GSM network of Iran a methodology for cellular mobile network risk management is established. Primarily we focus on the importance of risk management in the GSM Network and then introduce very briefly the suggested ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

SIN '14: Proceedings of the 7th International Conference on Security of Information and Networks

September 2014

518 pages

ISBN:9781450330336

DOI:10.1145/2659651

Conference Chair:
Ron Poet
University of Glasgow, UK
,
Program Chair:
Raj Muttukrishnan
City University, UK

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

SIGSAC: ACM Special Interest Group on Security, Audit, and Control
MNIT: Malaviya National Institute of Technology
Aksaray Univ.: Aksaray University
SICSA: The Scottish Informatics and Computer Science Alliance
University of Glasgow: University of Glasgow

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 09 September 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Research
Refereed limited

Conference

SIN '14

SIN '14: The 7th International Conference on Security of Information and Networks

September 9 - 11, 2014

Scotland, Glasgow, UK

Acceptance Rates

SIN '14 Paper Acceptance Rate 32 of 109 submissions, 29%;

Overall Acceptance Rate 102 of 289 submissions, 35%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
149
Total Downloads

Downloads (Last 12 months)6
Downloads (Last 6 weeks)0

Reflects downloads up to 09 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Sánchez-García IMejía JSan Feliu Gilabert T(2022)Cybersecurity Risk Assessment: A Systematic Mapping Review, Proposal, and ValidationApplied Sciences10.3390/app1301039513:1(395)Online publication date: 28-Dec-2022
https://doi.org/10.3390/app13010395
Mayer NAubert JGrandry EFeltus CGoettelmann EWieringa R(2019)An integrated conceptual model for information system security risk management supported by enterprise architecture managementSoftware and Systems Modeling (SoSyM)10.1007/s10270-018-0661-x18:3(2285-2312)Online publication date: 18-Jul-2019
https://dl.acm.org/doi/10.1007/s10270-018-0661-x
Grandry EFeltus CDubois E(2018)A Risk Integration Framework for the Service-Oriented EnterpriseInternational Journal of Information Systems in the Service Sector10.4018/IJISSS.201807010110:3(1-19)Online publication date: 1-Jul-2018
https://dl.acm.org/doi/10.4018/IJISSS.2018070101
Le Bray YMayer NAubert JOssowski S(2016)Defining measurements for analyzing information security risk reports in the telecommunications sectorProceedings of the 31st Annual ACM Symposium on Applied Computing10.1145/2851613.2851847(2189-2194)Online publication date: 4-Apr-2016
https://dl.acm.org/doi/10.1145/2851613.2851847

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Defining measurements for analyzing information security risk reports in the telecommunications sector

Taxonomy of information security risk assessment (ISRA)

A Methodology for Mobile Network Security Risk Management

Comments

Information

Published In

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations