Ontology-Based Evaluation of ISO 27001
نویسندگان
چکیده
Information security risks threaten the ability of organizations of reaching their operational and strategic goals. Increasing diversification of the information security landscapes makes addressing all risks a challenging task. Information security standards have positioned themselves as generic solutions to tackle a broad range of risks and try to guide security managers in their endeavors. However, it is not evident if such standards have the required holistic approach to be a solid foundation. In this paper a metamodel of the ISO 27001 security standard explicating its core concepts is presented. We then compare the constructed metamodel with various information security ontologies and analyze for comprehensiveness. We conclude with a discussion of core concepts in the information security domain.
منابع مشابه
Getting the Full Benefits of the ISO 27001 to Develop an ISMS based on Organisations’ InfoSec Culture
The ISO/IEC 27001 is an important and the most leading international information security management standard in the information security (InfoSec) world. The benefits of implementing the ISO 27001 are to provide market assurance and IT governance, based on customer demands and legal requirements. Although the ISO 27001 is a generic standard for all types of organisations and countries, there a...
متن کاملInteractive Selection of ISO 27001 Controls under Multiple Objectives
IT security incidents pose a major threat to the efficient execution of corporate strategies. Although, information security standards provide a holistic approach to mitigate these threats and legal acts demand their implementation, companies often refrain from the implementation of information security standards, especially due to high costs and the lack of evidence for a positive cost/benefit...
متن کاملObstructions of Turkish Public Organizations Getting ISO/IEC 27001 Certified
In this paper; a comparison has been made among the Articles contained in the ISO/IEC 27001 Standard and the Articles of the Civil Servants Law No 657, which should essentially be complied with by the personnel employed within the bodies of public institutions in Turkey; and efforts have been made in order to emphasize the consistent Articles; and in addition, the matters, which should be paid ...
متن کاملA Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems
To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers’ confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part in...
متن کاملStandard Compliant Hazard and Threat Analysis for the Automotive Domain
The automotive industry has successfully collaborated to release the ISO 26262 standard for developing safe software for cars. The standard describes in detail how to conduct hazard analysis and risk assessments to determine the necessary safety measures for each feature. However, the standard does not concern threat analysis for malicious attackers or how to select appropriate security counter...
متن کامل