The paper deals with the modelling of the Information Security Management System (ISMS). The ISMS, based on the PDCA (Plan-Do-Check-Act) model, is defined in the BS7799-2:2002 standard. A general model of the ISMS is presented. The paper focuses on elaborating the Plan stage only, building on the previously identified ISMS business environment. The UML approach allows more consistent and efficient implementations of the ISMS, supported by computer tools. The paper shows the possibility of using UML in the information security domain.

Key words

Information Security Management System, ISMS, PDCA model, IT security framework, risk management development, computer-aiding security engineering, UML modelling



Copyright information

© International Federation for Information Processing 2005

Authors and Affiliations

  • Andrzej Białas, Institute of Control Systems, Długa 1-3, Chorzów, Poland
