Skip to main content

Developing an Information Security Management System for Libraries Based on an Improved Risk Analysis Methodology Compatible with ISO/IEC 27001

  • Conference paper
  • First Online:
Advances in Emerging Trends and Technologies (ICAETT 2019)

Abstract

This paper describes a new risk analysis methodology for libraries based on steps filtered from existing methodologies that are compatible with the ISO/IEC 27000: 2013 standard. After analyzing MAGERIT, OCTAVE and NIST 800-30 risk analysis methodologies, the most important steps were identified and those that do not fit in library type of organization were discarded. Once the methodology was created, it was tested through a real implementation in the Library system of a university to verify its benefits.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
EUR 32.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or Ebook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 129.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 169.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Similar content being viewed by others

Notes

  1. 1.

    Appendices and Forms associated with this study can be downloaded from: https://tinyurl.com/newriskmethodology.

References

  1. Bayona, S., Chauca, W., Lopez, M., Maldonado, C.: Implementación de la NTP ISO/IEC 27001 en las Instituciones Publicas: Caso de Estudio. In: Web of Science, p. 6 (2015)

    Google Scholar 

  2. Esquema Nacional de Seguridad, MAGERIT – versión 3.0 Metodología de Análisis y Gestión de Riesgos de los Sistemas de Información Libro I - Método, Madrid: Ministerio de Hacienda y Administraciones Públicas (2012)

    Google Scholar 

  3. Alberts, C.J., Dorofee, A.J., Allen, J.H.: OCTAVE Catalog of Practices, Version 2.0, October 2001. https://resources.sei.cmu.edu/asset_files/TechnicalReport/2001_005_001_13883.pdf

  4. National Institute of Standards and Technology, NIST Special Publication 800-30, Septiembre 2012. https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-30r1.pdf

  5. Vivancos Cerezo, M.E.: La seguridad en bibliotecas universitarias: normas y auditoría, 06 Agosto 2018. http://eprints.rclis.org/16220/1/Seguridad_informacion_en_BU_v1.pdf

  6. Livshitz, I.I., Nikiforova, K.A.: The Evaluation of the Electronic Services with Accordance to IT-security Requirements Based on ISO/IEC 27001, pp. 128–131. IEEE (2016)

    Google Scholar 

  7. Narvaez Barreiros, I.R.: Aplicación de la norma ISO 27001 para la implementación de un SGSI en la Fiscalía General del Estado, 07 August 2018. http://repositorio.puce.edu.ec/bitstream/handle/22000/9780/TESIS_SGSI.pdf?sequence=1&isAllowed=y

  8. Rodal Castro, P.: Implementation Plan for an ISMS according to ISO/IEC 27001:2013, 30 Diciembre 2016. http://openaccess.uoc.edu/webapps/o2/bitstream/10609/59325/8/prodalTFM1216mem%C3%B2ria.pdf

  9. Susanto, A.., Nurbojatmiko, Shobariah, E.: Assessment of ISMS based on standard ISO/IEC 27001:2013 at DISKOMINFO Depok City. In: Web of Science (2016)

    Google Scholar 

  10. Susanto, H., Nabil Almunawar, M., Chee Tuan, Y.: Information security management system standards: a comparative study of the big five. Int. J. Electr. Comput. Sci. 11(5), 23–29 (2017)

    Google Scholar 

  11. Valencia-Duque, F.J., Orozco-Alzate, M.: Metodología para la implementación de un Sistema de Gestión de Seguridad de la Información basado en la familia de normas ISO/IEC 27000. Revista Ibérica de Sistemas y Tecnologías de Información (2017)

    Google Scholar 

  12. INTERNATIONAL STANDARD ISO/IEC 27001, 1st edn. ( 2013)

    Google Scholar 

  13. INTERNATIONAL STANDARD ISO/IEC 27002, 1st edn. (2013)

    Google Scholar 

  14. Aginsa, A., Matheus Edward, I.Y., Shalannanda, W.: Enhanced Information Security Management System Framework Design Using ISO 27001 and Zachman Framework a Study Case of XYZ Company. IEEE (2016)

    Google Scholar 

  15. Disterer, G.: ISO/IEC 27000, 27001 and 27002 for information security management. J. Inf. Secur. 4(2), 92–100 (2013)

    Google Scholar 

  16. Bravo, M.J., Portilla, M.F.: Desarrollo de una interfaz biometrica para el modulo de prestamo del sistema de bibliotecas de la Escuela Politecnica Nacional, 22 May 2015. http://bibdigital.epn.edu.ec/handle/15000/10528

  17. Instituto Nacional de Tecnologías de la Comunicación. Implantación de un SGSIen la empresa. https://www.incibe.es/extfrontinteco/img/File/intecocert/sgsi/img/Guia_apoyo_SGSI.pdf

Download references

Author information

Authors and Affiliations

Authors

Corresponding author

Correspondence to Sang Guun Yoo .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bravo Ramos, M.J., Yoo, S.G. (2020). Developing an Information Security Management System for Libraries Based on an Improved Risk Analysis Methodology Compatible with ISO/IEC 27001. In: Botto-Tobar, M., León-Acurio, J., Díaz Cadena, A., Montiel Díaz, P. (eds) Advances in Emerging Trends and Technologies. ICAETT 2019. Advances in Intelligent Systems and Computing, vol 1067. Springer, Cham. https://doi.org/10.1007/978-3-030-32033-1_34

Download citation

Publish with us

Policies and ethics