Idea: A Reference Platform for Systematic Information Security Management Tool Support

  • Ingo Müller
  • Jun Han
  • Jean-Guy Schneider
  • Steven Versteeg
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6542)

Abstract

The ISO 27001 standard specifies an information security management system (ISMS) as a means to implement security best practices for IT systems. Organisations that implement an ISMS typically experience various challenges such as enforcing a common vocabulary, limiting human errors and integrating existing management tools and security mechanisms. However, ISO 27001 does not provide guidance on these issues because tool support is beyond its scope, leaving organisations to start “from scratch” with manual and usually paper document-driven approaches. We propose a novel reference platform for security management that provides the foundation for systematic and automated ISMS tool support. Our platform consists of a unified information model, an enterprise-level repository and an extensible application and integration platform that aid practitioners in tackling the aforementioned challenges. This paper motivates and outlines the key elements of our approach and presents a first proof-of-concept prototype implementation.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    ISO/IEC: Information technology — Security techniques — Information security management systems — Requirements. 1st edn. (2005); ISO/IEC 27001:2005(E), International StandardGoogle Scholar
  2. 2.
    ISO/IEC: Information technology — Security techniques — Information security management system implementation guidance. 1st edn. (2010); ISO/IEC 27003:2010(E), International StandardGoogle Scholar
  3. 3.
    Müller, I.: The Information Security Management Information Model (ISM-IM). Technical Report. Swinburne University of Technology (2010), http://www.swinburne.edu.au/ict/research/cs3/rsr/pubs/ISM-IM.pdf
  4. 4.
    Müller, I., Han, J., Schneider, J.G., Versteeg, S.: A Conceptual Framework for Unified and Comprehensive SOA Management. In: Feuerlicht, G., Lamersdorf, W. (eds.) ICSOC 2008. LNCS, vol. 5472, pp. 28–40. Springer, Heidelberg (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Ingo Müller
    • 1
  • Jun Han
    • 1
  • Jean-Guy Schneider
    • 1
  • Steven Versteeg
    • 2
  1. 1.Swinburne University of TechnologyHawthornAustralia
  2. 2.CA LabsCA Technologies (Pacific)MelbourneAustralia

Personalised recommendations