Abstract
This paper presents a framework for the optimized development of a digital platform based on ISO/IEC-27001, whose objective is to make an initial diagnosis of the information security level of any company. In addition, the optimization process requires that the diagnostic results be clear and direct, so that security risks can be mitigated quickly. In particular, the optimization process is based on the analysis of a conventional Management Information System framework in order to propose a novel customized framework for ISO/IEC-27001 applications. Thus, an optimized Management Information System is proposed, which is the basis of the optimized digital platform. As a preliminary result, reducing the number of elements needed for the initial information security diagnosis simplifies the application and thus increases the possibility of applying ISO/IEC-27001 to a greater number of users, which in turn promotes cybersecurity.
© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
Cite this paper
Kanter-Ramirez, C.A., Lopez-Leyva, J.A., Beltran-Rocha, L., Ferková, D. (2020). Framework for the Optimal Design of an Information System to Diagnostic the Enterprise Security Level and Management the Information Risk Based on ISO/IEC-27001. In: Bhuiyan, T., Rahman, M.M., Ali, M.A. (eds) Cyber Security and Computer Science. ICONCS 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 325. Springer, Cham. https://doi.org/10.1007/978-3-030-52856-0_1
DOI: https://doi.org/10.1007/978-3-030-52856-0_1
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-52855-3
Online ISBN: 978-3-030-52856-0
eBook Packages: Computer Science (R0)