Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings

Cited by: 0
Authors
Valdevit, Thierry [1]
Mayer, Nicolas [1]
Barafort, Beatrix [1]
Affiliations
[1] CRP Henri Tudor, L-1855 Luxembourg, Luxembourg
Keywords
Information security; ISO/IEC; 27001; SME; implementation guide;
DOI
Not available
Chinese Library Classification (CLC) number
TP31 [Computer software];
Discipline classification code
081202 ; 0835 ;
Abstract
While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutions to facilitate ISMS deployment for SMEs. After an initial experiment aimed at assisting an SME in obtaining the first national ISO/IEC 27001 certification for a private company, an implementation guide for deploying an ISMS, validated by local experts and tested in SMEs, has been released and is presented in this paper.
Pages: 201 / 212
Page count: 12
Related papers
50 in total
  • [21] Goal-Based Establishment of an Information Security Management System Compliant to ISO 27001
    Beckers, Kristian
    [J]. SOFSEM 2014: THEORY AND PRACTICE OF COMPUTER SCIENCE, 2014, 8327 : 102 - 113
  • [22] Using the bell labs security framework to enhance the ISO 17799/27001 information security management system
    Mcgee, Andrew R.
    Bastry, Frank A.
    Chandrashekhar, Uma
    Vasireddy, S. Rao
    Flynn, Lori A.
    [J]. BELL LABS TECHNICAL JOURNAL, 2007, 12 (03) : 39 - 54
  • [23] Customized Diagnostic Tool for The Security Maturity Level of The Enterprise Information Based on ISO/IEC 27001
    Lopez-Leyva, Josue A.
    Kanter-Ramirez, Christopher A.
    Morales-Martinez, Jose P.
    [J]. 2020 8TH EDITION OF THE INTERNATIONAL CONFERENCE IN SOFTWARE ENGINEERING RESEARCH AND INNOVATION (CONISOFT 2020), 2020, : 147 - 153
  • [24] Analysis of factors that inhibiting implementation of Information Security Management System (ISMS) based on ISO 27001
    Tatiara, R.
    Fajar, A. N.
    Siregar, B.
    Gunawan, W.
    [J]. 2ND INTERNATIONAL CONFERENCE ON COMPUTING AND APPLIED INFORMATICS 2017, 2018, 978
  • [25] THEORETICAL AND PRACTICAL CONSIDERATIONS REGARDING THE INFORMATION SECURITY MANAGEMENT SYSTEM WITHIN ORGANIZATIONS IN CONCORDANCE WITH THE NEW INTERNATIONAL STANDARD ISO/IEC 27001:2013
    Tiganoaia, Bogdan
    [J]. GLOBALIZATION AND INTERCULTURAL DIALOGUE: MULTIDISCIPLINARY PERSPECTIVES - ECONOMY AND MANAGEMENT, 2014, : 62 - 68
  • [26] ISMS-CORAS: A structured method for establishing an ISO 27001 compliant information security management system
    Beckers, Kristian
    Heisel, Maritta
    Solhaug, Bjørnar
    Stølen, Ketil
    [J]. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2014, 8431 : 315 - 344
  • [27] On Developing Information Security Management System (ISMS) Framework for ISO 27001-based Data Center
    Achmadi, Dedy
    Suryanto, Yohan
    Ramli, Kalamullah
    [J]. 2018 INTERNATIONAL WORKSHOP ON BIG DATA AND INFORMATION SECURITY (IWBIS), 2018, : 149 - 157
  • [28] IMPROVING THE SECURITY OF LIBRARY-INFORMATION SYSTEM BY APPLYING STANDARD ISO 27001
    Jamandilovic, Stefan
    Stojanovic, Miroljub
    [J]. BOSNIACA-JOURNAL OF THE NATIONAL AND UNIVERSITY LIBRARY OF BOSNIA AND HERZEGOVINA, 2018, (23) : 95 - 98
  • [29] Managing critical information infrastructure security compliance: A standard based approach using ISO/IEC 17799 and 27001
    Jayawickrama, Wipul
    [J]. On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops, Pt 1, Proceedings, 2006, 4277 : 565 - 574
  • [30] Information security objectives and the output legitimacy of ISO/IEC 27001: stakeholders’ perspective on expectations in private organizations in Sweden
    Yasmin Kamil
    Sofia Lund
    M Sirajul Islam
    [J]. Information Systems and e-Business Management, 2023, 21 : 699 - 722