Abstract
The paper deals with modelling the Information Security Management System (ISMS). The ISMS, based on the PDCA (Plan-Do-Check-Act) model, was defined in the BS7799-2:2002 standard. A general model of the ISMS is presented. The paper focuses on elaborating the Plan stage only, based on the previously identified ISMS business environment. The UML approach makes it possible to achieve more consistent and efficient implementations of the ISMS, supported by computer tools. The paper shows the possibility of using UML in the information security domain.
Copyright information
© 2005 International Federation for Information Processing
About this paper
Cite this paper
Białas, A. (2005). A UML Approach in the ISMS Implementation. In: Dowland, P., Furnell, S., Thuraisingham, B., Wang, X.S. (eds) Security Management, Integrity, and Internal Control in Information Systems. IICIS 2004. IFIP International Federation for Information Processing, vol 193. Springer, Boston, MA. https://doi.org/10.1007/0-387-31167-X_18
DOI: https://doi.org/10.1007/0-387-31167-X_18
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-29826-9
Online ISBN: 978-0-387-31167-8
eBook Packages: Computer Science (R0)