CRITICAL SUCCESS FACTORS FOR INTEGRATING A CIRCULAR INTERACTION MODEL FOR SECURITY PROCESSES IN DIGITAL TRANSFORMATION

Georg Sven Lampe

Abstract


Circularity of Information and Communication Systems (ICT) implies a sustainable design of the associated management systems to comply with Cyber Security (CS), Information Security (IS) and Data Privacy (DP). Due to the rapidly changing IT infrastructure and the variety of software systems, changes to the workflow processes in activities are becoming more complex in terms of content. At the same time, global and local threats to electronic information and data processing systems are increasing. Effective protection of the information used in business processes and business practices is of decisive importance for the success of the organization. Against this background, the strategic potential for sustainable management of global and local risks, in combination with a flexibly designed exchange of information within the management systems, is largely unexplored. This paper proposes increasing the efficiency of the Risk Management Process (RMP) by adapting the management activities for IS, CS and DP. Through adapted risk management activities, the assessment of potential consequences or opportunities of risks can be quantified with a view to the application and management of measures. This includes combining and expanding the implementation of strategic elements for the categorization and group consolidation of management systems, as well as the prioritization of secure and sustainable measures. Their dependencies are examined to show that IS, in combination with the other management systems, plays a central role in the model-based standardization of the information elements. In addition, industry-independent and sustainable security disciplines are proposed in order to model the specific security processes or individual security-relevant process steps within existing company processes.

Keywords


Circularity; information security management; interaction model; risk management process; digitization


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.