Paper Title
Cyber Security: Risk Management - In Context of ISO 2700X -
Abstract
Information systems are ubiquitous today in all businesses. The computer security of these systems must protect them from many threats of various origins. Risk management can determine, based on the vulnerability of the system, its criticality for each of these threats. It then makes it possible to propose the necessary and sufficient solutions to reduce the risks to an acceptable residual level.
The purpose of this article is to discuss the issue of cybersecurity within an organization and to analyze risk management activities across selected ISO standards to provide the basis for improving risk management in information systems. We then discuss the different methodologies and tools for evaluating and managing the risks associated with information and its treatments. We also present an example based on the ISO 27001 set for risk assessment and risk management. The results of this research indicate that successful risk management helps protect the information system against cyber-attacks.
Keywords - Cyber Security, Risk Management, ISO Standards, MEHARI, EBIOS, Risk Analysis, Standard Organisation, Information Security, ISO 27001.