• DocumentCode
    182014
  • Title
    Evaluating the Effectiveness of ISO 27001: 2013 Based on Annex A
  • Author
    Shojaie, Bahareh ; Federrath, Hannes ; Saberi, Iman
  • Author_Institution
    Univ. of Hamburg, Hamburg, Germany
  • fYear
    2014
  • fDate
    8-12 Sept. 2014
  • Firstpage
    259
  • Lastpage
    264
  • Abstract
    The part of an organization's management system that deals with information security is called the Information Security Management System (ISMS). The most widely adopted ISMS standard is ISO 27001:2005. The 2005 version of the standard was updated in 2013 to provide more clarity and more freedom in implementation, based on practical experience. This paper compares ISO 27001:2005 with the updated 2013 standard on the basis of the Annex A controls. We classify the controls into five categories: data, hardware, software, people and network. Every control defined in Annex A, regardless of its objective, can be allocated to at least one of these categories. Classifying the controls into known categories offers an integrated view of the updated standard and provides a suitable guide for evaluating its performance and efficiency.
  • Keywords
    ISO standards; security of data; Annex A controls; ISMS standard; ISO 27001:2005; information security management system; Information security; Organizations; Software; Standards organizations; ISMS; Information Security Management Systems
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    2014 Ninth International Conference on Availability, Reliability and Security (ARES)
  • Conference_Location
    Fribourg
  • Type
    conf
  • DOI
    10.1109/ARES.2014.41
  • Filename
    6980290