Ekonomiczne Problemy Usług (May 2018)

Raport analizy ryzyka jako kluczowy element tworzenia polityki bezpieczeństwa informacji

  • Jerzy Stanik,
  • Maciej Kiedorowicz

Journal volume & issue
Vol. 130

Abstract

Read online

The authors present a proprietary approach to the process of creating and maintaining an infor-mation security policy in the organization. The proposed method of creating the Security Policy is comprehensive and easy to apply in practice. It is based on a life cycle of a security policy whose start-up phase is preparatory work carried out quite rarely and on demand, while the regular stage is work performed cyclically – the PDCA model. Within each cycle, the following processes are performed: risk analysis, preparation of the Basic Information Security Policy (BPBI) project, project implementation, development of a security strategy, assessment of the effectiveness of the implemented strategy, improvement of the security policy.

Keywords