A Framework for the Information Classification in ISO 27005 Standard

The Information Security Risk Management (ISRM) process involves several activities needed to conduct a risk management (RM) task in an organization. ISRM activities require access to various kinds of information about the organization, and an organization often needs to share information related to an ISRM process with the stakeholders involved in the activity. It is therefore important to manage the information that is critical to the operations of the organization. An information classification scheme can enable the proper handling of the information involved in the RM task. We selected the ISO/IEC 27005:2011 risk management standard to assess the various information generated while applying this standard in an organization. The purpose of this study is to propose a framework that shows the various information objects involved in the ISO/IEC 27005 risk management standard and to classify that information based on the guidelines provided by the UNINETT scheme. A case scenario of a health clinic is developed to identify ISRM-related information objects using the proposed framework and to classify the information using the UNINETT scheme.
