ICT SECURITY MANAGEMENT AND RISK MANAGEMENT

Abstract

It’s critical to know what are the critical resources and processes of the company and their weaknesses. Security has become a management problem. A security audit can offer a handy solution. We have developed a method and a system. The system is called BEVA. BEVA includes a security audit measuring the security situation of the organisation in 38 security factors. Based onthis audit, it delivers an overall security score and the one for each security factor. It also supports management in detecting the critical security factors in the company. The ICT security budget is not unlimited. As a result not all needed security technologies can be implemented to improve all critical SF’s. To create a priority list of the corresponding critical threats we need to refer to organisational risks. We calculate the company specific risk scores and by the way we identify the most critical threats and by the way the most effective security technologies that must be implemented