An Engineering Environment for Supporting Information Security Management Systems
Information Security Management Systems (ISMSs) have been playing an important role to help organizations managing their information securely. However, organizations facing many challenges in from establishment phase to optimization phase of ISMSs because organizations have to perform a lot of tasks with various participants and manage a vast amount of documents. As a result, it is difficult for an organization to establish and maintain a good and effective ISMS. This paper proposes an engineering environment to support organizations with ISMSs which is an engineering environment that integrating various support tools to provide organizations with comprehensives facilities to perform all tasks in ISMS life cycle processes consistently and continuously based on ISO/IEC 27000 series standards.
KeywordsInformation Security Management System ISO/IEC 27000 series standards engineering environment
Unable to display preview. Download preview PDF.
- 2.Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information Security Policy Compliance: An Empirical Study of Rationality-based Beliefs and Information Security Awareness. Journal of MIS Quarterly 34(3), 523–548 (2010)Google Scholar
- 3.Brykrzynski, B., Small, B.: Securing Your Organization’s Information Assets. Journal of Defense Software Engineering 16(5), 12–16 (2003)Google Scholar
- 4.Cheng, J., Goto, Y., Morimoto, S., Horie, D.: A Security Engineering Environment Based on ISO/IEC Standards: Providing Standard, Formal, and Consistent Supports for Design, Development, Operation, and Maintenance of Secure Information Systems. In: Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008, pp. 350–354. IEEE Computer Society Press (2008)Google Scholar
- 5.Dhillon, G.: Information System Security: A Management Challenge. John Wiley & Sons (2005)Google Scholar
- 7.International Organization for Standardization, ISO/IEC 27001:2005, Information Technology – Security Techniques – Information Security Management Systems–Requirements (2005)Google Scholar
- 8.Jang, S., Park, C., Park, Y.: A Study of Effect of Information Security Management System (ISMS) Certification on Organization Performance. International Journal of Computer Science and Network Security 10(3), 10–21 (2010)Google Scholar
- 9.Japan Information Processing Development Corporation, The Numbers of ISMS Certificates, http://www.isms.jipdec.or.jp/english/lst/ind/org2.html
- 10.Organisation for Economic Co-operation and Development: OECD Guidelines for the Security of Information Systems and Networks - Towards a Culture of Security. OECD Publishing (2002)Google Scholar