An information security management system (ISMS) is no option but a requirement for organizations to defend their systems. This paper seeks to compare the CIS Controls v8 and the ISO/IEC 27001:2022 and understand the purpose, procedures, and effectiveness of both in reducing security vulnerabilities. It presents a conceptual model of ISMS based on the requirements of the ISO/IEC 27001:2022 standard and developed with the diagrams of system structure using UML. The ontology is exported to RDF/XML or Turtle and validated for compliance with the RDF rules.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

An Ontological Approach to Information Security Risk Management Based on ISO/IEC 27001:2022

  • Youssef El Marzak,
  • Khalifa Mansouri,
  • Sophia Faris

摘要

An information security management system (ISMS) is no option but a requirement for organizations to defend their systems. This paper seeks to compare the CIS Controls v8 and the ISO/IEC 27001:2022 and understand the purpose, procedures, and effectiveness of both in reducing security vulnerabilities. It presents a conceptual model of ISMS based on the requirements of the ISO/IEC 27001:2022 standard and developed with the diagrams of system structure using UML. The ontology is exported to RDF/XML or Turtle and validated for compliance with the RDF rules.