Refinement of Strategy and Technology Domains STOPE View on ISO 27001
نویسندگان
چکیده
It is imperative for organizations to use Information Security Management System (ISMS) to effectively manage their information assets. ISMS starts with a set of policies that dictate the usage of computer resources. It starts with the “21 essential security controls” of ISO 27001, which give the basic standard requirements of information security management. Our research is concerned with the assessment of the application of these controls to organizations. STOPE (Strategy, Technology, Organization, People and Environment) methodologies were used to integrated domains as a framework for this assessment. The controls are mapped on these domains and subsequently refined into “246 simple and easily comprehended elements”.
منابع مشابه
Towards an Integrated Management System (IMS), harmonizing the ISO/IEC 27001 and ISO/IEC 20000-2 Standards
In recent times, and in order to maintain an integrated, efficient and homogeneous policy, Integrated Management Systems (IMS) have emerged as an opportunity to improve processes related to Information Technology (IT) in organizations in a way that is modular, consistent and orderly. The ISO 27001 and ISO 20000 standards provide good practices for creating and/or strengthening management infras...
متن کاملConformity of Hospital Information Systems to ISO Standard 9241/ 110 in Hospitals Affiliated to Bushehr University of Medical Sciences: the Users, Point of View
Background: Extensive use of hospital information systems mandate their assessment. Materials and Methods: This cross-sectional study was conducted in hospitals affiliated to Bushehr University of Medical Sciences from May 2018 to February 2019. Data were collected using ISO 9241/110 standard questionnaire. This self-administered questionnaire was distributed among 568 software users in the u...
متن کاملGrid computing: a STOPE view
Grid computing is emerging as the foundation upon which virtual organizations can be built. Such organizations are becoming of increasing importance for tackling various projects, both in academic and in business fields. This paper is concerned with presenting an integrated view of the grid to readers interested in understanding it, or perhaps in developing it further or making use of it in the...
متن کاملGetting the Full Benefits of the ISO 27001 to Develop an ISMS based on Organisations’ InfoSec Culture
The ISO/IEC 27001 is an important and the most leading international information security management standard in the information security (InfoSec) world. The benefits of implementing the ISO 27001 are to provide market assurance and IT governance, based on customer demands and legal requirements. Although the ISO 27001 is a generic standard for all types of organisations and countries, there a...
متن کاملObstructions of Turkish Public Organizations Getting ISO/IEC 27001 Certified
In this paper; a comparison has been made among the Articles contained in the ISO/IEC 27001 Standard and the Articles of the Civil Servants Law No 657, which should essentially be complied with by the personnel employed within the bodies of public institutions in Turkey; and efforts have been made in order to emphasize the consistent Articles; and in addition, the matters, which should be paid ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1204.1385 شماره
صفحات -
تاریخ انتشار 2012