Adopting ISO/IEC 27005:2011-based Risk Treatment Plan to Prevent Patients Data Theft
How to cite (IJASEIT) :
This work is licensed under a Creative Commons Attribution 4.0 International License.