A Method for Re-using Existing ITIL Processes for Creating an ISO 27001 ISMS Process Applied to a High Availability Video Conferencing Cloud Scenario

Many companies have already adapted their business processes to be in accordance with defined and organized standards. Two standards that are sought after by companies are the IT Infrastructure Library (ITIL) and ISO 27001. Often companies start certifying their business processes with ITIL and continue with ISO 27001. For small and medium-sized businesses, it is difficult to prepare and maintain the ISO 27001 certification. The IT departments of these companies often do not have the time to fully observe standards as part of their daily routine. ITIL and ISO 27001 perfectly fit into companies and help reduce errors through the standardization and comparability of products and services between themselves and other companies and partners. ISO 27001 specifically looks at security risks, countermeasures and remedial actions.
