DocumentCode :
3208454
Title :
A Database System for Effective Utilization of ISO/IEC 27002
Author :
Iqbal, Ahmad ; Horie, Daisuke ; Goto, Yuichi ; Cheng, Jingde
Author_Institution :
Dept. of Inf. & Comput. Sci., Saitama Univ., Saitama, Japan
fYear :
2009
fDate :
17-19 Dec. 2009
Firstpage :
607
Lastpage :
612
Abstract :
ISO/IEC 27002 is an international standard for information security management. Although many organizations need to manage their information systems according to ISO/IEC 27002, ISO/IEC 27002 is not convenient for users to retrieve terms, definitions, and security controls and to make documents for information security management because ISO/IEC 27002 is distributed only in the form of a booklet or PDF. On the other hand, ISEE, an information security engineering environment, has been proposed to support all tasks from requirement analysis to maintenance of security facilities of software/information systems. ISEDS, an information security engineering database system, as a main component of ISEE, is planned to manage all ISO standards related to information security and their concerning documents. This paper presents a database system for effective utilization of ISO/IEC 27002 that is obtained by adding ISO/IEC 27002 and related documents into ISEDS. The paper analyzes usages of ISO/IEC 27002, gives a requirement analysis of the database system, presents a design and construction of the database system, and shows a usage example. The paper also investigates a systematic method to construct databases of ISO standards for information security in ISEDS.
Keywords :
ISO standards; database management systems; security of data; software maintenance; systems analysis; ISEE; ISO standards; database system; effective ISO/IEC 27002 utilization; information security engineering environment; information security management; requirement analysis; Control systems; Data security; Database systems; IEC standards; ISO standards; Information analysis; Information management; Information retrieval; Information security; Management information systems; ISMS; ISO/IEC 27002; information security engineering environment; information security management;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Frontier of Computer Science and Technology, 2009. FCST '09. Fourth International Conference on
Conference_Location :
Shanghai
Print_ISBN :
978-0-7695-3932-4
Electronic_ISBN :
978-1-4244-5467-9
Type :
conf
DOI :
10.1109/FCST.2009.88
Filename :
5392854