INTEGRATION OF THE GDPR REQUIREMENTS INTO THE REQUIREMENTS OF THE SR EN ISO/IEC 27001:2018 STANDARD, INTEGRATION SECURITY MANAGEMENT SYSTEM IN A SOFTWARE DEVELOPMENT COMPANY

Mirabela Luciana GAŞPAR, Sorin Gabriel POPESCU

Abstract


Information security in general and personal data security in particular is one of the major challenges in today’s business arena. It implies specific reactions both from the technological point of view and from the management point of view and specific international regulations and standards set the boundaries between which it operates. This paper presents a managerial approach on information security, which combines the GDPR (General Regulation regarding Personal Data Protection) requirements and those of the ISO 27001 standard, validated by a study case on a software development company. It suggests stages, the identification of the critical ones, it defines directions and actions related to information security and it describes the methodology for applying certain support techniques and instruments.


Full Text:

PDF

References


ASRO. (2018, February 19). Retrieved from GDPR și SR EN ISO/IEC 27001:2018: www.asro.ro

Council, E. (2017, september 11). Protection of European Union classified information (EUCI). Retrieved from European Council: http://www.consilium.europa.eu

Dinte, Constantin. (2016). Informatia si rolul acesteia in management.

ENISA. (2017, November). Retrieved from Cyber Security Culture in organisations: https://www.enisa.europa.eu

ISO. (2017, september). ISO Survey. Retrieved from International Organization for Standardization: www.iso.org

ISO27000. (2018). Information technology. Security techniques. Information security management systems. Overview and vocabulary.

ISO27001. (2013). Information technology. Security techniques. Information security management systems. Requirements. iso.org.

ISO27002. (2013). Information technology. Security techniques. Code of practice for information security controls. iso.org.

ISO27005. (2016). Information technology. Security techniques. Information security risk management. iso.org.

OECD. (2018). Retrieved from The-digital-economy-multinational-enterprises-and-international-investment-policy.pdf: http://www.oecd.org

ParlamentulEuropean, ș. C. (2016). Regulamentul (UE)2016/679 al Parlamentului European și Consiliului din 27 aprilie 2016 privind protecția persoanelor fizice în ceea ce privește prelucrarea datelor cu caracter personal și privind libera circulație a acestor date și de abrogare a Dir 95/46. Jurnalul Oficial al Uniunii Europene.

Reguli de buna practica privind securitatea informatiei. (2016, martie 25). Retrieved from InterManagement Consulting: http://www.intermanagement.eu

Rentrop&Straton. (2018). Protecția datelor cu caracter personal. Bucuresti: Rentrop&Straton.

SRENISO27001. (2018). Tehnologia informatiei. Tehnici de securitate.Sisteme de management al securității informației. Cerinte.

ASRO.

SV. (2015). Metodologia de evaluare a riscurilor.


Refbacks

  • There are currently no refbacks.


JOURNAL INDEXED IN :