Risk Management for ISO 27005 Decision Support
Information systems security aims to raise the level of security of the business while remaining aligned with its strategy and objectives. The ISO 2700x family of standards (Information technology - Security techniques) addresses this whole set of security concerns by providing a coherent set of standards that follow the continuous improvement cycle PDCA (Plan, Do, Check, Act). Closely tied to information systems security, risk management consists of assessing the uncertainty of the future in order to make the best possible decision today; risk management and every decision process fall within this problem space. Decision making in information security risk management must take into account a growing volume of data of differing types and quality. As a result, risk managers increasingly rely on computer-based tools for decision support. The aim of this article is to give an overview of the ISO 2700x family, focusing in particular on the content of ISO 27005, the standard dedicated to information security risk management. In this context, a UML model of the ISO 27005 processes is presented, together with an enrichment of that model by criteria and indicators that support the quality of decision making at its various decision points. The goal is to increase the efficiency and effectiveness of the decision-making process.
Hanane Bahtit, Boubker Regragui