Modeling of Risk Treatment Measurement Model under Four Clusters Standards (ISO 9001, 14001, 27001, OHSAS 18001)

Abstract: This paper proposes, for the first time, a novel model for measuring risk treatment, ARME (Assets Risk Value & Control Measures Effectiveness), under four clusters standards (ISO 9001, 14001, 27001, OHSAS 18001). It discusses the model's establishment, computation, realization flow and applications. The correctness of the model is proved, and the corresponding indicator system is given. The computation and implementation flow are developed. The advantages for an organization that adopts this model are presented. According to the theoretical study and the practical implementation, the proposed model is effective for measuring a risk treatment plan.
