Assessing data cybersecurity using ISO/IEC 25012



Javier Verdugo 1,2 & Moisés Rodríguez 1,2

© Springer Science+Business Media, LLC, part of Springer Nature 2020

Abstract

Data is of ever-growing importance and is widely considered to be a company’s most valuable asset. Since data is becoming the main driver of business value, data quality and, specifically, data security are of paramount importance to companies. Various regulations related to data cybersecurity have been drawn up, such as the GDPR and the Cybersecurity Act, thus proving the importance placed on data cybersecurity by influential legislative institutions. Several standards related to security have emerged in recent years, most notably those of the ISO/IEC 27000 series. They are, however, focused on management systems and security infrastructure and ignore the security of the data itself. Other standards related to data quality, such as ISO 8000, also fail to address data security in depth. This paper, therefore, proposes a framework for the evaluation of data cybersecurity, consisting of a quality model, an evaluation process, and a tool for the visualization of the assessment results. This evaluation framework has been employed as the basis for a data cybersecurity certification scheme, which complements other certifiable standards related to data and security, such as ISO/IEC 27001 and ISO 8000. This work additionally presents the results of a pilot project in which the data cybersecurity of a commercial product was evaluated. The results of this pilot application allowed us to validate the feasibility of the evaluation framework defined.

Keywords: Data cybersecurity · Data evaluation · Data certification · ISO/IEC 25012 · GDPR

1 Introduction

The increasing emergence of technologies related to open data, big data, business intelligence, etc. has, in recent years, led data to become the most important asset of those companies that have blossomed in the digital era.

This article belongs to the Topical Collection on Quality Management for Information Systems. Guest Editors: Mario Piattini, Ignacio García Rodríguez de Guzmán, Ricardo Pérez del Castillo

* Javier Verdugo [email protected]

1 AQCLab, Camino Moledores, 13005 Ciudad Real, Spain

2 Alarcos Research Group, Institute of Technologies and Information Systems, University of Castilla-La Mancha, Paseo de la Universidad, 4, 13071 Ciudad Real, Spain

Software Quality Journal

Other technological advancements that are increasingly present around us every day, such as the Internet of things and artificial intelligence, also rely heavily on the generation and the availability of vast amounts of data. This data, together with the design of groundbreaking algorithms and the increase in computing power, has led to impressive progress in different areas and industries, such as self-driving cars, virtual assistants, or the implementation of automated investment (World Economic Forum 2019). The growing importance of data as a driver of business value signifies that data security is now an even more rele