Idea: A Reference Platform for Systematic Information Security Management Tool Support
The ISO 27001 standard specifies an information security management system (ISMS) as a means to implement security best practices for IT systems. Organisations that implement an ISMS typically experience various challenges such as enforcing a common vocabulary, limiting human errors and integrating existing management tools and security mechanisms. However, ISO 27001 does not provide guidance on these issues because tool support is beyond its scope, leaving organisations to start “from scratch” with manual and usually paper document-driven approaches. We propose a novel reference platform for security management that provides the foundation for systematic and automated ISMS tool support. Our platform consists of a unified information model, an enterprise-level repository and an extensible application and integration platform that aid practitioners in tackling the aforementioned challenges. This paper motivates and outlines the key elements of our approach and presents a first proof-of-concept prototype implementation.
Unable to display preview. Download preview PDF.
- 1.ISO/IEC: Information technology — Security techniques — Information security management systems — Requirements. 1st edn. (2005); ISO/IEC 27001:2005(E), International StandardGoogle Scholar
- 2.ISO/IEC: Information technology — Security techniques — Information security management system implementation guidance. 1st edn. (2010); ISO/IEC 27003:2010(E), International StandardGoogle Scholar
- 3.Müller, I.: The Information Security Management Information Model (ISM-IM). Technical Report. Swinburne University of Technology (2010), http://www.swinburne.edu.au/ict/research/cs3/rsr/pubs/ISM-IM.pdf