Title :
Information Security Integral Engineering Technique and its Application in ISMS Design
Author :
Lyubimov, Alexander ; Cheremushkin, Dmitry ; Andreeva, Natalia ; Shustikov, Sergey
Author_Institution :
Dept. of Manage. & Inf. Technol., St. Petersburg State Polytech. Univ., St. Petersburg, Russia
Abstract :
This paper proposes a technique for the design and implementation of an information security management system (ISMS) for small and medium enterprises (SMEs). The technique is based on an object model of the ISO 27001 standard's ISMS requirements. The model was designed using methods and tools of the information security integral engineering (ISIE) framework, so the first part of the paper also briefly describes some features, components and engineering methods within the ISIE framework that are important in practical applications but were presented insufficiently, or not at all, in previous papers. Along with the description of a general ISMS design and implementation method, the paper provides an example of applying this method to design an ISMS for a city medium telecommunication SME. The paper also gives an evaluation of the technique's efficiency.
Keywords :
ISO standards; security of data; small-to-medium enterprises; ISIE framework; ISMS design; ISO 27001 standard; SME; information security integral engineering; information security management system; small and medium enterprises; IEC standards; ISO standards; Information security; Organizations; Standards organizations; Unified modeling language;
Conference_Title :
Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
Conference_Location :
Vienna
Print_ISBN :
978-1-4577-0979-1
Electronic_ISBN :
978-0-7695-4485-4
DOI :
10.1109/ARES.2011.121