Chapter

Engineering Secure Software and Systems

Volume 6542 of the series Lecture Notes in Computer Science pp 256-263

Idea: A Reference Platform for Systematic Information Security Management Tool Support

  • Ingo MüllerAffiliated withSwinburne University of Technology
  • , Jun HanAffiliated withSwinburne University of Technology
  • , Jean-Guy SchneiderAffiliated withSwinburne University of Technology
  • , Steven VersteegAffiliated withCA Labs, CA Technologies (Pacific)

* Final gross prices may vary according to local VAT.

Get Access

Abstract

The ISO 27001 standard specifies an information security management system (ISMS) as a means to implement security best practices for IT systems. Organisations that implement an ISMS typically experience various challenges such as enforcing a common vocabulary, limiting human errors and integrating existing management tools and security mechanisms. However, ISO 27001 does not provide guidance on these issues because tool support is beyond its scope, leaving organisations to start “from scratch” with manual and usually paper document-driven approaches. We propose a novel reference platform for security management that provides the foundation for systematic and automated ISMS tool support. Our platform consists of a unified information model, an enterprise-level repository and an extensible application and integration platform that aid practitioners in tackling the aforementioned challenges. This paper motivates and outlines the key elements of our approach and presents a first proof-of-concept prototype implementation.