NDLI: A Comprehensive Framework for a Risk and Role Based Enterprise Security Awareness, Training and Educati on Program for ISO/IEC 27002 Compliance

Please wait, while we are loading the content...

A Comprehensive Framework for a Risk and Role Based Enterprise Security Awareness, Training and Educati on Program for ISO/IEC 27002 Compliance

Content Provider	Semantic Scholar
Author	Ruhl, Ron Lindskog, Dale
Copyright Year	2012
Abstract	Organizations are faced with a variety of ever changing information security risks. This study examines the state of information security, user groups and user roles responsible for and ISO/IEC domains required for risk mitigation in a large public organization in Canada. The objective is to develop a comprehensive risk and ro le based framework for an enterprise security awareness, training and education (SATE) program for ISO/IEC 27002 compliance with the intent to improve an existing SATE program in a large public organization. This paper discusses th e results of an information security survey conducted in 2010 an d describes the framework and its components and inte ractions. Significant findings of this study include: (1) a new and more comprehensive set of user roles within a user group for a SATE program not previously identified by the SANS Institute, (2) a significant number of new threats and vulnerabilities not previously identified in global and national information security surveys, (3) the use of a risk factor to prioritize what information security risks should be addressed in a SATE program, (4) the rationalization for the subject content in an enterprise SATE program and (5) a framework for a risk and role based enterprise SATE program f or ISO/IEC 27002 compliance. Keywords-component; user role; role based; risk based; ISO/IEC 27002 compliance; security awareness; security training; security education; threats; vulnerabilities
File Format	PDF HTM / HTML
Alternate Webpage(s)	https://concordia.ab.ca/wp-content/uploads/2017/04/2011Nip.pdf
Language	English
Access Restriction	Open
Content Type	Text
Resource Type	Article

Central Library (ISO-9001:2015 Certified)
Indian Institute of Technology Kharagpur
Kharagpur, West Bengal, India | PIN - 721302

See location in the Map
03222 282435
Mail: support@ndl.gov.in

Sl.	Authority	Responsibilities	Communication Details
1	Ministry of Education (GoI), Department of Higher Education	Sanctioning Authority	https://www.education.gov.in/ict-initiatives
2	Indian Institute of Technology Kharagpur	Host Institute of the Project: The host institute of the project is responsible for providing infrastructure support and hosting the project	https://www.iitkgp.ac.in
3	National Digital Library of India Office, Indian Institute of Technology Kharagpur	The administrative and infrastructural headquarters of the project	Dr. B. Sutradhar bsutra@ndl.gov.in
4	Project PI / Joint PI	Principal Investigator and Joint Principal Investigators of the project	Dr. B. Sutradhar bsutra@ndl.gov.in Prof. Saswat Chakrabarti will be added soon
5	Website/Portal (Helpdesk)	Queries regarding NDLI and its services	support@ndl.gov.in
6	Contents and Copyright Issues	Queries related to content curation and copyright issues	content@ndl.gov.in
7	National Digital Library of India Club (NDLI Club)	Queries related to NDLI Club formation, support, user awareness program, seminar/symposium, collaboration, social media, promotion, and outreach	clubsupport@ndl.gov.in
8	Digital Preservation Centre (DPC)	Assistance with digitizing and archiving copyright-free printed books	dpc@ndl.gov.in
9	IDR Setup or Support	Queries related to establishment and support of Institutional Digital Repository (IDR) and IDR workshops	idr@ndl.gov.in