8 research outputs found

    Methodological Approach to Risk Assessment in Building Security

    Building object (or asset) security has been a burning subject in all systems and regimes since ancient times, and always will be. The reason lies solely in the fact that these objects have high material, historical, cultural and other value. Therefore, the owners of such buildings, whether public, civic or other social institutions, organizations or individuals, have always paid more or less attention to the security of such objects. The amount of attention given to the security of these structures generally depends on the current situation in the external and internal environment of the object, relative to the degree of security threats to it. Certain organizational-technical activities are performed with the aim of protecting such objects. The extent to which they are used depends on the risk assessment of those objects, which shows the possibility that incidents with harmful consequences might occur. Poor risk assessment results either in many unnecessary investments in security or in a lack of it, which does not offer the necessary optimum of security. Hence, risk assessment in building security is considered a highly significant and crucial matter. This paper presents a methodological approach to risk assessment within the overall process approach to risk management in order to provide security to the objects. It delivers a critical overview of the methodological steps of risk assessment with the intention of achieving the most realistic assessment

    Introducing the Information Security Management System in Cloud Computing Environment

    Abstract: Numerous organizations coordinate and certify their information security systems according to the Information Security Management System (ISMS) standard. Available Cloud Computing Services (CCSs) include new types of vulnerability and differ in management requirements from other computational systems. Establishing a consistent security management framework (SMF) and information security management system (ISMS) in CC environment is a complicated, demanding and time-consuming process. Every experience from applying ISMS standard solutions is certainly useful, but not enough to entirely cover all security requirements of the customers and Cloud Service Provider (CSP). Attempts of establishing an integrated and consistent SMF and ISMS in CC environment have not been researched in-dept

    Integrated management model of the corporate digital forensic investigation

    Metrics of the key performance indicators (KPIs) should be established in the management of the corporate digital forensic (DF) investigation process to encourage improvement of the effectiveness and efficiency of process performance. The KPIs should enable a quantitative assessment of gains in the DF investigation objectives, such as creating proved digital evidence (DE), reducing costs and DF investigation cycle time, etc. The KPI metrics should address alignment with DF principles and standards, standard operating procedures (SOP), forensic and legal requirements, cost reduction, DE quality, stakeholder satisfaction and the legal admissibility of DE. As a tool for quality improvement of the DF investigation processes, the KPI metrics should be well defined and understood, and introduced by all stakeholders in the DF investigation process. The authors of this article suggest an integrated model of the corporate DF investigation management process. The model includes key activities, resources, performance objectives, risks and the KPI metrics. It is relevant for the development and management of effective corporate DF investigation processes

    A Model of Integrated Forensic Investigation of Business Fraud (Model integrisane forenzičke istrage poslovnih prevara)

    The emergence of a new field of forensics, forensic accounting, has been driven by rapid changes in the electronic business environment and a sharp rise in the number of business frauds. Although fraud can take many forms, it most often comes down to theft of funds and information, or misuse of someone's assets in the form of information. In today's world, accountants can help the most in investigating corporate, or rather financial, frauds, which today prevail in the digital environment. In this paper, the authors propose a model of integrated forensic investigation of business fraud that combines accounting, auditing and digital investigative procedures. However, before this approach can be properly verified, additional testing is needed

    Achieving Business Excellence by Optimizing Corporate Forensic Readiness

    In order to improve their business excellence, all organizations, regardless of their size (small, medium or large), should manage their risk of fraud. Fraud, in today's world, is often committed by using computers and can only be revealed by a digital forensic investigator. Not even small or medium-sized companies are secure from fraud. In the light of recent financial scandals that literally demolished not just the economies of specific countries but the entire world economy, we propose in this paper an optimal model of corporative computer incident digital forensic investigation (CCIDFI) by using an adopted mathematic model of the greed MCDM (multi-criteria decision-making) method and the Expert Choice software tool for multi-criteria optimization of the CCIDFI readiness. The proposed model can, first of all, help managers of small and medium-sized companies to justify their decisions to employ digital forensic investigators and include them in their information security teams, in order to choose the optimal CCIDFI model and improve forensic readiness in the computer incident management process, which will result in minimization of the company's potential losses in the future and improve its business quality

    Optimizing the Protection of Travel Agencies against Computer Crime (Optimizacija zaštite turističkih agencija od kompjuterskog kriminala)

    The science and practice of information security on the Internet has entered a more mature phase. Numerous risk assessment methodologies (over 200), security standards, and catalogues of vulnerabilities, threats and security measures (controls) are available. The information risk assessment methodology (ISO/IEC 27005:2008) has also been adopted in the financial sector, in the BASEL II accord, for operational risk assessment. Although standardization significantly reduces the complexity of introducing a security system, implementing the basic security measures to reduce risk to an acceptable level is still complex and expensive, and requires specific knowledge and experience. The problem of online theft of personal data and payment card numbers concerns travel agencies in particular, where clients pay their bills by payment card en masse. In this paper the authors suggest an optimal framework for managing information security in the Internet environment in travel agencies, with the aim of reducing complexity and encouraging the agencies to introduce information security systems and practice in an organized way, according to their needs and resources