Information Security Integral Engineering Technique and its Application in ISMS Design

Author

Lyubimov, Alexander ; Cheremushkin, Dmitry ; Andreeva, Natalia ; Shustikov, Sergey

Author_Institution

Dept. of Manage. & Inf. Technol., St. Petersburg State Polytech. Univ., St. Petersburg, Russia

fYear

2011

fDate

22-26 Aug. 2011

Firstpage

585

Lastpage

590

Abstract

This paper proposes a technique for the design and implementation of the information security management system (ISMS) for small and medium enterprises (SMEs). The technique is based on ISO 27001 standard ISMS requirements object model. The model was designed using methods and tools of the information security integral engineering (ISIE) framework, so the first part of the paper also briefly describes some features, components and engineering methods within the ISIE framework, which are important in practical applications but were presented insufficiently or were not presented at all in the previous papers. Along with the description of a general ISMS design and implementation method, the paper provides an example of the application of this method to design ISMS for city medium telecommunication SME. The paper also gives the evaluation of the technique´s efficiency.

Keywords

ISO standards; security of data; small-to-medium enterprises; ISIE framework; ISMS design; ISO 27001 standard; SME; information security integral engineering; information security management system; small and medium enterprises; IEC standards; ISO standards; Information security; Organizations; Standards organizations; Unified modeling language;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability and Security (ARES), 2011 Sixth International Conference on

Conference_Location

Vienna

Print_ISBN

978-1-4577-0979-1

Electronic_ISBN

978-0-7695-4485-4

Type

conf

DOI

10.1109/ARES.2011.121

Filename

6045981