Using the evidential reasoning approach in auditing of an information security management system
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F60076658%3A12510%2F10%3A00012312" target="_blank" >RIV/60076658:12510/10:00012312 - isvavai.cz</a>
Výsledek na webu
—
DOI - Digital Object Identifier
—
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
Using the evidential reasoning approach in auditing of an information security management system
Popis výsledku v původním jazyce
Audit information security management system (ISMS) is an important element of a well-functioning ISM. As part of an ISMS audit, it is also necessary to determine the audit risk. Various methods exist and are developed for risk assessment, both in practical and theoretical level. These methods can use quantitative methods, or may be based on a qualitative assessment of risks. Current standards (e.g. ISO 27001) for construction and operation of the ISMS remain on operators how to carry out risk identification, relevant analyses and evaluations. Various probabilistic methods or methods based on Bayesian statistics are widely used theoretical methods. However, currently there are no generally accepted methods for calculating risk. This is due to the difficulty of quantifying some events and often subjective nature of the analysis. In this paper, we introduce an evidential reasoning model (evidential reasoning approach under the Dempster-Shafer theory) for the information systems audit ris
Název v anglickém jazyce
Using the evidential reasoning approach in auditing of an information security management system
Popis výsledku anglicky
Audit information security management system (ISMS) is an important element of a well-functioning ISM. As part of an ISMS audit, it is also necessary to determine the audit risk. Various methods exist and are developed for risk assessment, both in practical and theoretical level. These methods can use quantitative methods, or may be based on a qualitative assessment of risks. Current standards (e.g. ISO 27001) for construction and operation of the ISMS remain on operators how to carry out risk identification, relevant analyses and evaluations. Various probabilistic methods or methods based on Bayesian statistics are widely used theoretical methods. However, currently there are no generally accepted methods for calculating risk. This is due to the difficulty of quantifying some events and often subjective nature of the analysis. In this paper, we introduce an evidential reasoning model (evidential reasoning approach under the Dempster-Shafer theory) for the information systems audit ris
Klasifikace
Druh
J<sub>x</sub> - Nezařazeno - Článek v odborném periodiku (Jimp, Jsc a Jost)
CEP obor
AE - Řízení, správa a administrativa
OECD FORD obor
—
Návaznosti výsledku
Projekt
—
Návaznosti
V - Vyzkumna aktivita podporovana z jinych verejnych zdroju
Ostatní
Rok uplatnění
2010
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název periodika
Acta Universitatis Bohemiae Meridionales : vědecký časopis pro ekonomiku, řízení a obchod
ISSN
1212-3285
e-ISSN
—
Svazek periodika
XIII
Číslo periodika v rámci svazku
3
Stát vydavatele periodika
CZ - Česká republika
Počet stran výsledku
7
Strana od-do
—
Kód UT WoS článku
—
EID výsledku v databázi Scopus
—