Title :
Practical approach of a secure management system based on ISO/IEC 17799
Author :
Sánchez, Luís Enrique ; Villafranca, Daniel ; Fernández-Medina, Eduardo ; Piattini, Mario
Author_Institution :
SICAMAN NT, Ciudad Real, Spain
Abstract :
For enterprises to be able to properly use information and communications technologies, it is necessary to have guides, metrics and tools that allow us to always know the level of our security and the points in which we are not covering it. In small and medium-size enterprises, the application of security standards has an additional problem, that is, the fact that they do not have enough resources to perform an appropriate management. In this article we analyze some of the existing maturity models and we compare them to the maturity model we are applying in practice. Finally we introduce a first approach to a scoreboard which is being developed as part of a security management tool for IT systems. This approach is being directly applied to real cases and it is obtaining a constant improvement in its application.
Keywords :
IEC standards; ISO standards; security of data; small-to-medium enterprises; ISO/IEC 17799; information and communications technologies; information security management system; maturity model; secure management system; security standards; small and medium-size enterprises; Computer security; Data security; IEC standards; ISO standards; Information security; Information systems; Project management; Protection; Research and development; Resource management;
Conference_Title :
Availability, Reliability and Security, 2006. ARES 2006. The First International Conference on
Print_ISBN :
0-7695-2567-9
DOI :
10.1109/ARES.2006.94