ISO 17799: "Best Practices" in Information Security Management?

Authors

  • Qingxiong Ma
  • J. Michael Pearson
Abstract

To protect the information assets of organizations, many different standards and guidelines have been proposed. Among them, the international standard ISO 17799 is one of the most prominent international efforts on information security. This standard provides both an authoritative statement on information security and the procedures to be adopted by organizations to ensure information security. Security professionals claim ISO 17799 to be a suitable model for information security management and an appropriate vehicle for addressing information security management issues in the modern organization. However, to our knowledge, no empirical studies have been conducted to validate this standard. Based on a survey of information security professionals, we found that ISO 17799 is comprehensive, but not parsimonious.

Keywords: best practices, information security management, ISO 17799, factor analysis, certified security professionals


Related articles

Three Models to Measure Information Security Compliance

Compliance is one of the major issues in information security management, namely “to be sure it has been evaluated correctly”. Compliance (regulation) is defined as “the act of adhering to, and demonstrating adherence to, a standard or regulation” (Wikipedia.org, 2008) or “conformity in fulfilling official requirements” (MerriamWebster.com, 2009). Many industries measure their compliance with best practices ...


Practical implementation of an ISO 17799- compliant information security management system using a novel ASD method

This paper discusses the practical implementation of the Agile Security Development (ASD) framework and presents a case study that reviews the process of building an information security management system utilizing the framework. The case study reveals the action steps for a small or medium-sized organization to utilize the method. The ASD framework and its output are fully ISO/IEC 17799 complian...


The Simple Information Security Audit Process: SISAP

The SISAP (Simple Information Security Audit Process) is a dynamic security audit methodology fully compliant with the ISO 17799 and BS 7799.2, and conformant with the ISO 14508 in terms of its functionality guidelines. The SISAP employs a simulation-based rule base generator that balances risks and business value generation capabilities using the Plan-Do-Check-Act cycle imposed in BS 7799.2. T...


ISO/IEC 17799 Standard’s Intended Usage and Actual Use by the Practitioners

The ISO/IEC 17799 standard (2005) is commonly viewed as a necessary element in information security management. However, there is no empirical evidence of the usefulness of the standard in practice. To study this issue, this study analyses the implementation experiences of four organisations that have implemented the ISO/IEC 17799 (2005) standard. Through semi-structured interviews, the results...


Information Security governance: COBIT or ISO 17799 or both?

This paper investigates the coexistence of and complementary use of COBIT and ISO 17799 as reference frameworks for Information Security governance. The investigation is based on a mapping between COBIT and ISO 17799 which became available in 2004, and provides a level of 'synchronization' between these two frameworks.


Journal: CAIS

Volume 15

Published: 2005