Title :
Evaluating the Effectiveness of ISO 27001:2013 Based on Annex A
Author :
Shojaie, Bahareh ; Federrath, Hannes ; Saberi, Iman
Author_Institution :
Univ. of Hamburg, Hamburg, Germany
Abstract :
The part of an organization's management system that deals with information security is called the Information Security Management System (ISMS). The most widely adopted ISMS standard is ISO 27001:2005. The 2005 version of the standard was updated in 2013, based on practical experience, to provide more clarity and more freedom in implementation. This paper compares ISO 27001:2005 and the updated 2013 standard on the basis of their Annex A controls. We classify the controls into five categories: data, hardware, software, people and network. Every control defined in Annex A, regardless of its objective, can be allocated to at least one of these categories. Classifying the controls into known categories offers an integrated view of the updated standard and provides a suitable guide for evaluating its performance and efficiency.
Keywords :
ISO standards; security of data; Annex A controls; ISMS standard; ISO 27001:2005; information security management system; Information security; Organizations; Software; Standards organizations; ISMS; Information Security Management Systems;
Conference_Title :
Availability, Reliability and Security (ARES), 2014 Ninth International Conference on
Conference_Location :
Fribourg
DOI :
10.1109/ARES.2014.41