Abstract
Information Security Management Systems (ISMSs) have been playing an important role to help organizations managing their information securely. However, organizations facing many challenges in from establishment phase to optimization phase of ISMSs because organizations have to perform a lot of tasks with various participants and manage a vast amount of documents. As a result, it is difficult for an organization to establish and maintain a good and effective ISMS. This paper proposes an engineering environment to support organizations with ISMSs which is an engineering environment that integrating various support tools to provide organizations with comprehensives facilities to perform all tasks in ISMS life cycle processes consistently and continuously based on ISO/IEC 27000 series standards.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ashenden, D.: Information Security Management: A Human Challenge? Journal of Information Security Technical Report 13(4), 195–201 (2008)
Bulgurcu, B., Cavusoglu, H., Benbasat, I.: Information Security Policy Compliance: An Empirical Study of Rationality-based Beliefs and Information Security Awareness. Journal of MIS Quarterly 34(3), 523–548 (2010)
Brykrzynski, B., Small, B.: Securing Your Organization’s Information Assets. Journal of Defense Software Engineering 16(5), 12–16 (2003)
Cheng, J., Goto, Y., Morimoto, S., Horie, D.: A Security Engineering Environment Based on ISO/IEC Standards: Providing Standard, Formal, and Consistent Supports for Design, Development, Operation, and Maintenance of Secure Information Systems. In: Proceedings of the 2nd International Conference on Information Security and Assurance, ISA 2008, pp. 350–354. IEEE Computer Society Press (2008)
Dhillon, G.: Information System Security: A Management Challenge. John Wiley & Sons (2005)
Fal, A.M.: Standardization in Information Security Management. Journal of Cybernetics and Systems Analysis 46(3), 512–515 (2010)
International Organization for Standardization, ISO/IEC 27001:2005, Information Technology – Security Techniques – Information Security Management Systems–Requirements (2005)
Jang, S., Park, C., Park, Y.: A Study of Effect of Information Security Management System (ISMS) Certification on Organization Performance. International Journal of Computer Science and Network Security 10(3), 10–21 (2010)
Japan Information Processing Development Corporation, The Numbers of ISMS Certificates, http://www.isms.jipdec.or.jp/english/lst/ind/org2.html
Organisation for Economic Co-operation and Development: OECD Guidelines for the Security of Information Systems and Networks - Towards a Culture of Security. OECD Publishing (2002)
Siponena, M., Willison, R.: Information security management standards: Problems and solutions. Journal of Information & Management 46(5), 267–270 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Suhaimi, A.I.H., Goto, Y., Cheng, J. (2012). An Engineering Environment for Supporting Information Security Management Systems. In: Kim, Th., et al. Computer Applications for Security, Control and System Engineering. Communications in Computer and Information Science, vol 339. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35264-5_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-35264-5_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35263-8
Online ISBN: 978-3-642-35264-5
eBook Packages: Computer ScienceComputer Science (R0)