COMPARISON OF IT SECURITY STANDARDS

This paper proposes documenting the relationship between the FISMA security standards and guidelines and the ISO 27001 Information Security Management System (ISMS), and providing a complete mapping between the two.
