| Autor: |
Itradat, Awni, Sultan, Sari, Al-Junaidi, Maram, Qaffaf, Rawa'a, Mashal, Feda'a, Daas, Fatima |
| Předmět: |
|
| Zdroj: |
Jordan Journal of Mechanical & Industrial Engineering; Apr2014, Vol. 8 Issue 2, p102-118, 17p, 10 Diagrams, 4 Charts |
| Abstrakt: |
Information is becoming one of the most important assets for almost every organization. Information systems are essential for every organization to access its information. However, these systems need to be secure in terms of confidentiality, integrity, and availability of the information. Information security comes as a magical solution for these requirements where a security audit of the system is developed to define and prioritize the risks that face information asset of the information system. So, risk assessment is applied to identify the risks and their impact on the system. Risk assessment is developed based on the vulnerability assessment, targeting specific information assets. Securing the information systems is the concern of the Information Security Management System ISMS adopted by the organization. Universities information systems are critical systems due to the rapid growth demand of students enrolling in universities in different programs, which will pay a higher level of complexity of these information systems. In this paper, an evaluation of the information security level at the Jordanian universities has been developed by launching a case study targeting the Hashemite University (HU). The case study focuses on analyzing the risks that faces HU information systems from two different perspectives (organizational and technical risks) by applying vulnerabilities assessment and penetration testing, finally organized into a risk assessment plan. During the case study, an ISO/IEC 27001:2005 ISMS has been developed in order to eliminate the risks that face the HU information systems. The ISMS (Information Security Management System) provides the required policies and controls in order to minimize the identified risks and to facilitate examining and enhancing the information security experience of HU. [ABSTRACT FROM AUTHOR] |
| Databáze: |
Complementary Index |
| Externí odkaz: |
|
