João Santos – Instituto Politécnico de Setúbal, Setúbal – Portugal
Leonilde Reis – Instituto Politécnico de Setúbal, Setúbal – Portugal
Manuel Landum – Câmara Municipal do Barreiro, Barreiro – Portugal
Keywords: Information security; Risk management; Cybersecurity
Abstract: In Portugal, Council of Ministers Resolution 41/2018 presents a complement to the General Data Protection Regulation (GDPR) which, in order to comply with it, defines technical guidelines for the Public Administration concerning the security architecture of networks and information systems. The objective of the paper is to present risk management in an organizational context. The adopted methodology is focused on presenting the research and the obligations that organizations have to take into account before the law and the regulatory authorities. International standards, and how they can be applied in the context of the organization under study, were analyzed; the main results aim to raise awareness within organizations, assertively, of the existing vulnerabilities and threats. Risk management was based on asset management, on professional experience acquired over the years, and on knowledge of internal procedures.
6th International Scientific Conference on Recent Advances in Information Technology, Tourism, Economics, Management and Agriculture – ITEMA 2022 – Conference Proceedings, Hybrid (University of Maribor, Slovenia), October 27, 2022
ITEMA Conference Proceedings published by: Association of Economists and Managers of the Balkans – Belgrade, Serbia
ITEMA conference partners: Faculty of Economics and Business, University of Maribor, Slovenia; Faculty of Organization and Informatics, University of Zagreb, Varaždin; Faculty of Geography, University of Belgrade, Serbia; Institute of Marketing, Poznan University of Economics and Business, Poland; Faculty of Agriculture, Banat's University of Agricultural Sciences and Veterinary Medicine "King Michael I of Romania", Romania
ITEMA Conference 2022 Conference Proceedings: ISBN 978-86-80194-63-9, ISSN 2683-5991, DOI: https://doi.org/10.31410/ITEMA.2022
Creative Commons Non Commercial CC BY-NC: This article is distributed under the terms of the Creative Commons Attribution-Non-Commercial 4.0 License (https://creativecommons.org/licenses/by-nc/4.0/) which permits non-commercial use, reproduction and distribution of the work without further permission.
Santos, J., Reis, L., & Landum, M. (2022). Impact of Risk Management in an Organizational Context. In V. Bevanda (Ed.), International Scientific Conference ITEMA 2022: Vol 6. Conference Proceedings (pp. 117-121). Association of Economists and Managers of the Balkans. https://doi.org/10.31410/ITEMA.2022.117