Part of the book: Security Enhanced Applications for Information Systems
In the advanced information and communication network society, every organization faces information-related risks such as information leaks, system, and service malfunctions, unauthorized intrusions, business email compromise, ransom attacks, etc. In order to deal with these various types of risks, it is necessary to take measures that emphasize the balance of the entire organization rather than individual technical measures. In this chapter, we will provide an overview of various risks related to information and consider the establishment of information security policies as a means of overall risk management. Especially keeping in mind SMEs with limited financial and human resources, we will discuss the information security policy automatic generation system by utilizing ontology.
Part of the book: The Future of Risk Management [Working title]