Abstract
The paper presents a risk-based integrated platform for information and e-services security management, related to the Information Security Management System (ISMS) concept. The current state of the work is shown, including the UML-based methodology and the incrementally developed computer-aided tool prototype. The assumptions of the integrated platform can be specified on the basis of sampled experiences from the first deployment and case studies, an analysis of standards, legal requirements and technology, and a study of the needs and requirements of various organizations. It is assumed that the common and enhanced assets inventory will integrate information security, business continuity and IT services management processes. The paper summarizes the current, initial state of the work and defines its further directions.
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Białas, A. (2006). Development of an Integrated, Risk-Based Platform for Information and E-Services Security. In: Górski, J. (eds) Computer Safety, Reliability, and Security. SAFECOMP 2006. Lecture Notes in Computer Science, vol 4166. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11875567_24
DOI: https://doi.org/10.1007/11875567_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-45762-6
Online ISBN: 978-3-540-45763-3
eBook Packages: Computer Science (R0)