Dinh Uy Tran

Forsker

English version of this page

E-post dinhut@ifi.uio.no

Brukernavn

Besøksadresse Gaustadalléen 23B 0373 Oslo

Postadresse Postboks 1032 Blindern 0315 Oslo

Last ned visittkort

Dinh Uy Tran har en doktorgrad i informasjonssikkerhet fra Universitetet i Oslo og jobber som spesialrådgiver hos Sykehuspartner Helseforetak. Han har over ti års erfaring innen helsesektoren og informasjonssikkerhet med erfaring i fagområder som informasjonssikkerhetsstyring, informasjonssikkerhetsledelse, risikostyring, hendelseshåndtering, beredskap, deteksjon og som informasjonssikkerhetsleder / Chief Information Security Officer (CISO).

Dinh Uy Tran er i tillegg sertifisert i CISSP, CISSP-ISSMP, CISM, CRISC og ISO27001 Senior Implementer.

For tiden er han aktuell med boken «Informasjonssikkerhetsledelse – En holistisk tilnærming» som ble utgitt den 14.04-23 av Cappelen Damm Akademisk.

Emneord: Information Security Governance, Information Security Management, Risk Management, Information Security Management System (ISMS), Business Continuity Management, Cybersecurity, Process Management

Tran, Dinh Uy & Jøsang, Audun (2023). Business Language for Information Security. I Furnell, Steven & Clarke, Nathan (Red.), Human Aspects of Information Security and Assurance: 17th IFIP WG 11.12 International Symposium, HAISA 2023, Kent, UK, July 4–6, 2023, Proceedings. Springer. ISSN 978-3-031-38530-8. s. 169–180. doi: 10.1007/978-3-031-38530-8_14.
Tran, Dinh Uy & Jøsang, Audun (2022). Information Security Posture to Organize and Communicate the Information Security Governance Program. I Matos, Florinda & Rosa, Alvaro (Red.), Proceedings of the 18th European Conference on Management Leadership and Governance. Academic Conferences International (ACI). ISSN 978-1-914587-58-0. s. 515–522. doi: https:/doi.org/10.34190/ecmlg.18.1.729. Fulltekst i vitenarkiv Vis sammendrag
Information security practice has evolved greatly from being mostly a technical concern to also becoming a concern of executive management. As a result, there are many different frameworks, guidelines and certification programs for information security governance (ISG) and management. The purpose of these standards and certification programs is to help an organization develop a structured approach for governing and managing information security. However, these standards and guidelines are generic and not tailored for any specific organization. These frameworks usually specify “what” should be implemented but not “how”. Additionally, these frameworks do not specify “how” to communicate the information security posture (ISP) to the executive management in a simplistic manner. This paper first defines and conceptualizes the term information security posture, and then proposes a framework on “how” to communicate and organize the ISP. Our contribution complements ISG programs adopted by organizations to give executive management a better understanding and oversight. We argue that describing the ISP of an organization will support well-informed decision-making while ensuring alignment with business objectives.

Se alle arbeider i Cristin

Tran, Dinh Uy (2023). Informasjonssikkerhetsledelse - En holistisk tilnærming. Cappelen Damm Akademisk. ISBN 978-82-02-75464-8. 236 s.

Se alle arbeider i Cristin

Tran, Dinh Uy (2023). Holistic Understanding of Information Security Posture. Faculty of Mathematics and Natural Sciences, University of Oslo. ISSN 1501-7710.

Se alle arbeider i Cristin

Publisert 1. apr. 2022 09:59 - Sist endret 31. jan. 2024 12:17

Dinh Uy Tran

Publikasjoner

Forskergrupper