Towards managing information security knowledge through metamodelling approach

Security of information systems is becomes a major concern for many organizations nowadays as security risks may have a serious impact on the organization´s information assets. Information Security Management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing the risks of loss, misuse, disclosure or damage. Thus, it makes ISM knowledge domain is so complex to both its modeling and sharing. The current ISM models do not provide an apparent structure that can be easily reuse to the current situation without an analysis in -depth and this could lead to a waste of time. It is useful to categories and describes the elements, components or aspects of information security management in a unified conceptual model (metamodel) to facilitate knowledge sharing, reuse, modelling and enhancing the communications amongst ISM users. For this purpose, we proposed the Information Security Management Metamodel (ISMM).