2013 | OriginalPaper | Buchkapitel
Sector-Based Improvement of the Information Security Risk Management Process in the Context of Telecommunications Regulation
verfasst von : Nicolas Mayer, Jocelyn Aubert, Hervé Cholez, Eric Grandry
Erschienen in: Systems, Software and Services Process Improvement
Verlag: Springer Berlin Heidelberg
Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.
Wählen Sie Textabschnitte aus um mit Künstlicher Intelligenz passenden Patente zu finden. powered by
Markieren Sie Textabschnitte, um KI-gestützt weitere passende Inhalte zu finden. powered by
The current European regulation on public communications networks requires today that Telecommunications Service Providers (TSPs) take appropriate technical and organizational measures to manage the risks posed to security of networks and services. However, a key issue in this process is the risk identification activity, which roughly consists in defining what are the relevant risks regarding the business operated and the architecture in place. The same problem appears when selecting relevant security controls. The research question discussed in this paper is: how to adapt generic Information Security Risk Management (ISRM) process and practices to the telecommunications sector? To answer this research question, a four-step research method has been established and is presented in this paper. The outcome is an improved ISRM process in the context of the telecommunications regulation.