DocumentCode
1726191
Title
Using Security Requirements Engineering Approaches to Support ISO 27001 Information Security Management Systems Development and Documentation
Author
Beckers, Kristian ; Fassbender, S. ; Heisel, Maritta ; Schmidt, Holger
Author_Institution
Paluno - The Ruhr Inst. for Software Technol., Univ. of Duisburg-Essen, Duisburg, Germany
fYear
2012
Firstpage
242
Lastpage
248
Abstract
An ISO 27001 compliant information security management system (ISMS) is difficult to create, because the standard provides only limited support for system development and documentation. We present a structured analysis of the documentation and development requirements in the ISO 27001 standard. Moreover, we investigate to what extent existing security requirements engineering approaches fulfill these requirements. We developed relations between these approaches and the ISO 27001 standard using a conceptual framework originally developed for comparing security requirements engineering methods. The relations include comparisons of important terms, techniques, and documentation artifacts. In addition, we show practical applications of our results.
Keywords
ISO standards; formal specification; formal verification; security of data; system documentation; ISO 27001 standard; conceptual framework; development requirements; documentation artifacts; documentation requirements; information security management system development; security requirements engineering approach; structured analysis; system documentation; Documentation; ISO standards; Organizations; Risk management; Security; Standards organizations; ISO27000; ISO27001; compliance; requirements engineering; security; security standards;
fLanguage
English
Publisher
ieee
Conference_Titel
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
Conference_Location
Prague
Print_ISBN
978-1-4673-2244-7
Type
conf
DOI
10.1109/ARES.2012.35
Filename
6329189
Link To Document