Author/Authors :
Rezaei, Ghasem Universiti Teknologi Malaysia - Faculty of Mechanical Engineering, Malaysia; Ansari, Majid Universiti Teknologi Malaysia - Faculty of Mechanical Engineering, Malaysia; Memari, Ashkan Universiti Teknologi Malaysia - Faculty of Mechanical Engineering, Malaysia; Zahraee, Mojib Universiti Teknologi Malaysia - Faculty of Mechanical Engineering, Malaysia; Shaharoun, Awaluddin Mohamed Universiti Teknologi Malaysia - Faculty of Mechanical Engineering, Malaysia
Abstract :
Protecting information assets is vital to the core survival of an organization. With the increase in cyber-attacks and viruses worldwide, it has become essential for organizations to adopt innovative and rigorous procedures to keep these vital assets out of the reach of exploiters. Although compliance with an international information security standard such as ISO 27001 has increased worldwide, with over 7000 registered certificates, few Iranian companies are ISO 27001 certified. An organization also needs to perform a risk assessment in order to determine its assets' exposure to risk and the best way to manage it. The determination of risk within the methodology is based upon the standard formula, in which risk is calculated as the product of asset value, threats and vulnerability. ISO 27001 requires that "an appropriate risk assessment shall be undertaken". One of the main factors in risk assessment is the identification and scoring of information assets. Because asset values differ between organizations, the main purpose of this study is to identify and investigate a weighted method for assigning different values to assets in order to minimize vulnerability in manufacturing systems. This study also aims to improve asset value scoring by using heuristic methods. A real-world case study in Iran was selected for implementing this approach based on ISO 27001.