Information Security Integral Engineering Technique and its Application in ISMS Design

This paper proposes a technique for the design and implementation of an information security management system (ISMS) for small and medium enterprises (SMEs). The technique is based on an object model of the ISO 27001 standard's ISMS requirements. The model was designed using the methods and tools of the information security integral engineering (ISIE) framework, so the first part of the paper also briefly describes some features, components and engineering methods of the ISIE framework that are important in practical applications but were presented insufficiently, or not at all, in the previous papers. Along with a description of a general ISMS design and implementation method, the paper provides an example of applying this method to design an ISMS for a medium-sized city telecommunication SME. The paper also evaluates the technique's efficiency.
