An Engineering Environment for Supporting Information Security Management Systems

  • Ahmad Iqbal Hakim Suhaimi
  • Yuichi Goto
  • Jingde Cheng
Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 339)


Information Security Management Systems (ISMSs) have been playing an important role to help organizations managing their information securely. However, organizations facing many challenges in from establishment phase to optimization phase of ISMSs because organizations have to perform a lot of tasks with various participants and manage a vast amount of documents. As a result, it is difficult for an organization to establish and maintain a good and effective ISMS. This paper proposes an engineering environment to support organizations with ISMSs which is an engineering environment that integrating various support tools to provide organizations with comprehensives facilities to perform all tasks in ISMS life cycle processes consistently and continuously based on ISO/IEC 27000 series standards.


Information Security Management System ISO/IEC 27000 series standards engineering environment 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ashenden, D.: Information Security Management: A Human Challenge? Journal of Information Security Technical Report 13(4), 195–201 (2008)CrossRefGoogle Scholar
  2. 2.
    Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information Security Policy Compliance: An Empirical Study of Rationality-based Beliefs and Information Security Awareness. Journal of MIS Quarterly 34(3), 523–548 (2010)Google Scholar
  3. 3.
    Brykrzynski, B., Small, B.: Securing Your Organization’s Information Assets. Journal of Defense Software Engineering 16(5), 12–16 (2003)Google Scholar
  4. 4.
    Cheng, J., Goto, Y., Morimoto, S., Horie, D.: A Security Engineering Environment Based on ISO/IEC Standards: Providing Standard, Formal, and Consistent Supports for Design, Development, Operation, and Maintenance of Secure Information Systems. In: Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008, pp. 350–354. IEEE Computer Society Press (2008)Google Scholar
  5. 5.
    Dhillon, G.: Information System Security: A Management Challenge. John Wiley & Sons (2005)Google Scholar
  6. 6.
    Fal, A.M.: Standardization in Information Security Management. Journal of Cybernetics and Systems Analysis 46(3), 512–515 (2010)CrossRefGoogle Scholar
  7. 7.
    International Organization for Standardization, ISO/IEC 27001:2005, Information Technology – Security Techniques – Information Security Management Systems–Requirements (2005)Google Scholar
  8. 8.
    Jang, S., Park, C., Park, Y.: A Study of Effect of Information Security Management System (ISMS) Certification on Organization Performance. International Journal of Computer Science and Network Security 10(3), 10–21 (2010)Google Scholar
  9. 9.
    Japan Information Processing Development Corporation, The Numbers of ISMS Certificates,
  10. 10.
    Organisation for Economic Co-operation and Development: OECD Guidelines for the Security of Information Systems and Networks - Towards a Culture of Security. OECD Publishing (2002)Google Scholar
  11. 11.
    Siponena, M., Willison, R.: Information security management standards: Problems and solutions. Journal of Information & Management 46(5), 267–270 (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Ahmad Iqbal Hakim Suhaimi
    • 1
  • Yuichi Goto
    • 1
  • Jingde Cheng
    • 1
  1. 1.Department of Information and Computer ScienceSaitama UniversityJapan

Personalised recommendations