PHYSICAL AND LOGICAL SECURITY MANAGEMENT ORGANIZATION MODEL BASED ON ISO 31000 AND ISO 27001

Cited by: 0
Authors
Pecina, Koldo [1]
Estremera, Ricardo [1]
Bilbao, Alfonso [2]
Bilbao, Enrique [2]
Affiliations
[1] S21 Sec, Alcobendas, Spain
[2] Cuevavaliente Ingn, Tres Cantos, Spain
Keywords
Physical and Logical Security convergence; Risk Analysis; Risk Management; ISO; 27001; 31000;
DOI
Not available
Chinese Library Classification (CLC) number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
This paper describes both the need for convergence of Physical and Logical Security management and the difficulty of implementing it, owing to the different organization models of the corresponding Security departments in most enterprises and Administration bodies. It presents a methodology that makes it possible to comply with both the ISO 31000 standard (for physical security) and the ISO 27001 standard (for logical security) by analyzing information assets and physical assets simultaneously. It also proposes an organization model based on the ISO 31000 standard (for physical security) and the ISO 27001 standard (for logical security) that integrates both models within the same company, so that the company can comply with both standards. The paper includes the proposed document structure for the model and a practical example of its application.
Pages: 5