Title :
Using Security Requirements Engineering Approaches to Support ISO 27001 Information Security Management Systems Development and Documentation
Author :
Beckers, Kristian ; Fassbender, S. ; Heisel, Maritta ; Schmidt, Holger
Author_Institution :
Paluno - The Ruhr Inst. for Software Technol., Univ. of Duisburg-Essen, Duisburg, Germany
Abstract :
An ISO 27001 compliant information security management system is difficult to create, due to the limited support for system development and documentation provided in the standard. We present a structured analysis of the documentation and development requirements in the ISO 27001 standard. Moreover, we investigate to what extent existing security requirements engineering approaches fulfill these requirements. We developed relations between these approaches and the ISO 27001 standard using a conceptual framework originally developed for comparing security requirements engineering methods. The relations include comparisons of important terms, techniques, and documentation artifacts. In addition, we show practical applications of our results.
Keywords :
ISO standards; formal specification; formal verification; security of data; system documentation; ISO 27001 standard; conceptual framework; development requirements; documentation artifacts; documentation requirements; information security management system development; security requirements engineering approach; structured analysis; system documentation; Documentation; ISO standards; Organizations; Risk management; Security; Standards organizations; ISO27000; ISO27001; compliance; requirements engineering; security; security standards;
Conference_Titel :
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on
Conference_Location :
Prague
Print_ISBN :
978-1-4673-2244-7
DOI :
10.1109/ARES.2012.35