
Framework for the Optimal Design of an Information System to Diagnostic the Enterprise Security Level and Management the Information Risk Based on ISO/IEC-27001

  • Conference paper
  • Cyber Security and Computer Science (ICONCS 2020)

Abstract

This paper presents a framework for the optimized development of a digital platform based on ISO/IEC-27001, with the objective of making an initial diagnosis of the information security level of any company. In addition, the optimization process requires that the diagnostic results be clear and direct, so that security risks can be mitigated quickly. In particular, the optimization process is based on the analysis of a conventional Management Information System framework in order to propose a novel framework customized for ISO/IEC-27001 applications. Thus, an optimized Management Information System is proposed, which forms the basis of the optimized digital platform. As a preliminary result, reducing the number of elements needed for the initial information security diagnosis simplifies the application and thus increases the likelihood that ISO/IEC-27001 will be applied by a greater number of users, which in turn promotes cybersecurity.

Author information

Corresponding author

Correspondence to Josue A. Lopez-Leyva.

Copyright information

© 2020 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Kanter-Ramirez, C.A., Lopez-Leyva, J.A., Beltran-Rocha, L., Ferková, D. (2020). Framework for the Optimal Design of an Information System to Diagnostic the Enterprise Security Level and Management the Information Risk Based on ISO/IEC-27001. In: Bhuiyan, T., Rahman, M.M., Ali, M.A. (eds) Cyber Security and Computer Science. ICONCS 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 325. Springer, Cham. https://doi.org/10.1007/978-3-030-52856-0_1

  • DOI: https://doi.org/10.1007/978-3-030-52856-0_1

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-52855-3

  • Online ISBN: 978-3-030-52856-0

  • eBook Packages: Computer Science (R0)
