Information Security Management Systems - A Maturity Model Based on ISO/IEC 27001

2018 ◽  
pp. 102-114 ◽  
Author(s):  
Diogo Proença ◽  
José Borbinha
Keyword(s):  
Information Security ◽  
Security Management ◽  
Management Systems ◽  
Maturity Model ◽  
Information Security Management ◽  
Model Based ◽  
Iec 27001

scholarly journals Development of Awareness and Competences of Employees in the Processes of Information Security Management System

2020 ◽  
Vol 20 (2) ◽  
Author(s):  
Vitomir T. Miladinović
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Management System ◽  
Security Management ◽  
Management Systems ◽  
Information Security Management ◽  
Information Technology Security ◽  
Information Security Management System ◽  
Systems Requirements ◽  
Iec 27001

Based on author’s experiencie, in this we will analyze some issues of awareness and competence development of all employees in the organization in the processes of information security management system (ISMS), in accordance with the requirements of the International Standard SRPS ISO/IEC 27001 Information Technology — Security Techniques — Information Security Management Systems — Requirements.

scholarly journals REQUIREMENTS ANALYSIS METHOD OF INFORMATION SECURITY MANAGEMENT SYSTEMS

2020 ◽  
Vol 1 (9) ◽  
pp. 149-158
Author(s):  
Vasyl Tsurkan
Keyword(s):  
Information Security ◽  
Security Management ◽  
Logical Structure ◽  
Management Systems ◽  
Graphic Notation ◽  
Security Risks ◽  
Information Security Management ◽  
The Individual ◽  
Iec 27001 ◽  
Individual Requirement

The process of analyzing the requirements for information security management systems is considered. The obligation to comply with the requirements of the international standard ISO/IEC 27001 is shown. This provides confidence to stakeholders in the proper management of information security risks with an acceptable level. This is due to the internal and external circumstances of influencing the goal and achieving the expected results of organizations. In addition, the identification of stakeholders, their needs and expectations from the development of information security management systems are also considered. It is established that now the main focus is on taking into account the requirements for the process of developing these systems or to ensure information security in organizations. The transformation of the needs, expectations and related constraints of stakeholders into an appropriate systemic solution has been overlooked. These limitations have been overcome through the method of analyzing the requirements for information security management systems. Its use allows, based on the needs, expectations and related constraints of stakeholders, to identify relevant statements in established syntactic forms. There is need to check each of them for correctness of formulation and compliance with the characteristics of both the individual requirement and the set of requirements. For their systematization, establishment of relations the graphic notation SysML is applied. In view of this, the requirement is considered as a stereotype of a class with properties and constraints. Relationships are used to establish relationships between requirements. Their combination is represented by a diagram in the graphical notation SysML and, as a result, allows you to specify the requirements for information security management systems. In the prospects of further research, it is planned to develop its logical structure on the basis of the proposed method.

scholarly journals Analisis Sistem Manajemen Keamanan Informasi Menggunakan ISO/IEC 27001 : 2013 Serta Rekomendasi Model Sistem Menggunakan Data Flow Diagram pada Direktorat Sistem Informasi Perguruan Tinggi

2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .
Keyword(s):  
Information Security ◽  
Asset Management ◽  
Management System ◽  
Security Management ◽  
Maturity Level ◽  
Information Security Management ◽  
Capability Maturity ◽  
Information Security Management System ◽  
Level 3 ◽  
Iec 27001

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security.  One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

Sign in / Sign up

Export Citation Format

Share Document