ABSTRACT

This chapter focuses on one of the key steps taken towards successful adoption of the new framework. It begins with an analysis, opportunities, presentation, and discussion of the existing frameworks to identify their respective strengths and weaknesses as our foundation for proposing a new framework. The chapter discusses the Integrated Solution Framework (ISF) structure, mathematical formulations, computer algorithms, strengths-weaknesses analysis, and the effectiveness of ISF for RISC investigation. There are six basic steps to assess risks in relation to ISO 27001, namely risk assessment methodology; risk assessment implementation; treatment implementation; information security assessment report; statement of applicability; and risk treatment plan. ISF is designed for all types of organizations and entities dealing with information security standards. ISF consists of six main components identified as domains, namely organization, stakeholder, tool and technology, policy, culture, and knowledge. The ISF is composed of the following six levels: refined question, assessment issue, control, clause, domain, and top domain.