Title : 
Application of models in information security management
         
        
            Author : 
Milicevic, Danijel ; Goeken, Matthias
         
        
            Author_Institution : 
IT-Governance-Practice-Network, Frankfurt Sch. of Finance & Manage., Frankfurt am Main, Germany
         
        
        
        
        
        
            Abstract : 
The impact of information technology on business operations is widely recognized and its role in the emergence of new business models is well-known. In order to leverage the benefits of IT-supported business processes, the security of the underlying information systems must be managed. Various so-called best-practice models and information security standards have positioned themselves as generic solutions for a broad range of risks. In this paper we inspect the metamodel of the information security standard ISO 27001 and describe its application for a set of generalized phases in information security management. We conclude with a demonstration of its practicality by providing an example of how such a metamodel can be applied, before discussing potential future research.
         
        
            Keywords : 
ISO standards; information management; information systems; security of data; ISO 27001 standard; IT-supported business processes; business models; business operations; information security management; information systems; information technology; ISO standards; Information security; Ontologies; Software; Unified modeling language; Application; Information Security Management; Metamodel;
         
        
        
        
            Conference_Title : 
Research Challenges in Information Science (RCIS), 2011 Fifth International Conference on
         
        
            Conference_Location : 
Gosier
         
        
        
            Print_ISBN : 
978-1-4244-8670-0
         
        
            Electronic_ISBN : 
2151-1349
         
        
        
            DOI : 
10.1109/RCIS.2011.6006850