Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings

被引：0

作者：

Valdevit, Thierry ^{[1
]}

Mayer, Nicolas ^{[1
]}

Barafort, Beatrix ^{[1
]}

机构：

[1] CRP Henri Tudor, L-1855 Luxembourg, Luxembourg

来源：

SOFTWARE PROCESS IMPROVEMENT, PROCEEDINGS | 2009年 / 42卷

关键词：

Information security; ISO/IEC; 27001; SME; implementation guide;

D O I：

暂无

中图分类号：

TP31 [计算机软件];

学科分类号：

081202 ; 0835 ;

摘要：

While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutions to facilitate ISMS deployment for SMEs. After an initial experiment aiming at assisting a SME in getting the first national ISO/IEC 27001 certification for a private company, an implementation guide for deploying an ISMS, validated by local experts and experimented in SMEs, has been released and is presented in this paper.

引用

页码：201 / 212

页数：12

共 50 条

[1] Information Security Risk Management: Handbook for ISO/IEC 27001
Lomas, Elizabeth
[J]. RECORDS MANAGEMENT JOURNAL, 2011, 21 (03) : 239 - +
[2] NEW STANDARD ISO/IEC 27001:2013 OF INFORMATION SECURITY MANAGEMENT SYSTEM
Drastich, Martin
[J]. KNOWLEDGE FOR MARKET USE 2014: MEDIA AND COMMUNICATION IN THE 21ST CENTURY, 2014, : 387 - 393
[3] AUTOMATION OF AN INFORMATION SECURITY MANAGEMENT SYSTEM BASED ON THE ISO/IEC 27001 STANDARD
de la Rosa Martin, Tonyse
[J]. REVISTA UNIVERSIDAD Y SOCIEDAD, 2021, 13 (05): : 495 - 506
[4] A Model of an Information Security Management System Based on NTC-ISO/IEC 27001 Standard
Fonseca-Herrera, Omar A.
Rojas, Alix E.
Florez, Hector
[J]. IAENG International Journal of Computer Science, 2021, 48 (02) : 1 - 10
[5] Information Security Management Systems - A Maturity Model Based on ISO/IEC 27001
Proenca, Diogo
Borbinha, Jose
[J]. BUSINESS INFORMATION SYSTEMS (BIS 2018), 2018, 320 : 102 - 114
[6] COMPARATIVE STUDY REGARDING INTERNATIONAL STANDARDS ON INFORMATION SECURITY MANAGEMENT SYSTEMS IN ORGANIZATIONS: ISO/IEC 27001:2013 vs ISO/IEC 27001:2005
Tiganoaia, Bogdan
[J]. GLOBALIZATION AND INTERCULTURAL DIALOGUE: MULTIDISCIPLINARY PERSPECTIVES - ECONOMY AND MANAGEMENT, 2014, : 102 - 109
[7] ADOPTION OF THE INFORMATION SECURITY MANAGEMENT SYSTEM STANDARD ISO/IEC 27001: A STUDY AMONG GERMAN ORGANIZATIONS
Mirtsch, Mona
[J]. INTERNATIONAL JOURNAL FOR QUALITY RESEARCH, 2023, 17 (03) : 747 - 768
[8] An Approach to Map COBIT Processes to ISO/IEC 27001 Information Security Management Controls
Sheikhpour, Razieh
Modiri, Nasser
[J]. INTERNATIONAL JOURNAL OF SECURITY AND ITS APPLICATIONS, 2012, 6 (02): : 13 - 28
[9] INTEGRATING THE INFORMATION SECURITY MANAGEMENT SYSTEM (ISO/IEC 27001) WITH OTHER MANAGEMENT SYSTEMS: A CASE STUDY IN A PHARMACEUTICAL ORGANISATION
Oliveira, Rui
Silva, Rui
Rebelo, Manuel Ferreira
[J]. IRF2016: 5TH INTERNATIONAL CONFERENCE INTEGRITY-RELIABILITY-FAILURE, 2016, : 843 - 844
[10] Information security and value creation: The performance implications of ISO/IEC 27001
Podrecca, Matteo
Culot, Giovanna
Nassimbeni, Guido
Sartor, Marco
[J]. COMPUTERS IN INDUSTRY, 2022, 142

← 1 2 3 4 5 →