DocumentCode
3110216
Title
Application of models in information security management
Author
Milicevic, Danijel ; Goeken, Matthias
Author_Institution
IT-Governance-Practice-Network, Frankfurt Sch. of Finance & Manage., Frankfurt am Main, Germany
fYear
2011
fDate
19-21 May 2011
Firstpage
1
Lastpage
6
Abstract
The impact of information technology on business operations is widely recognized and its role in the emergence of new business models is well-known. In order to leverage the benefits of IT-supported business processes, the security of the underlying information systems must be managed. Various so-called best-practice models and information security standards have positioned themselves as generic solutions for a broad range of risks. In this paper we inspect the metamodel of the information security standard ISO 27001 and describe its application for a set of generalized phases in information security management. We conclude with a demonstration of its practicality by providing an example of how such a metamodel can be applied, before discussing potential future research.
Keywords
ISO standards; information management; information systems; security of data; ISO 27001 standard; IT-supported business processes; business models; business operations; information security management; information systems; information technology; ISO standards; Information security; Ontologies; Software; Unified modeling language; Application; Information Security Management; Metamodel;
fLanguage
English
Publisher
ieee
Conference_Titel
Research Challenges in Information Science (RCIS), 2011 Fifth International Conference on
Conference_Location
Gosier
ISSN
2151-1349
Print_ISBN
978-1-4244-8670-0
Electronic_ISBN
2151-1349
Type
conf
DOI
10.1109/RCIS.2011.6006850
Filename
6006850