论文信息 - ISO 27001 Gap Analysis-Case Study

ISO 27001 Gap Analysis-Case Study

This work describes the initial steps taken toward the development of an Information Security Management System for the UAE e-government. To achieve this goal it was decided to obtain the ISO 27001 certification, which is the leading standard in information security. Gap analysis was performed on four selected organisations within the UAE e-government to determine their compliance against the ISO 27001 standards. This process will help identify the weakness in the existing system and highlight the any associated risks to the UAE e-government. In this paper a Management, Technical and Operational (MTO) model is presented. This model gives greater focus and provides a framework which is more aligned to the organisations structure and responsibilities. The results of benchmarking based on the ISO27001 standard, and the method used to measure the maturity level for each security control domain are presented.

Ibrahim Al-Mayahi

[1] Sangkyun Kim,et al. Assessment Methodology on Maturity Level of ISMS , 2005, KES.

[2] Andrea Pederiva. The COBIT Maturity Model in a Vendor Evaluation Case , 2004 .

[3] Thierry Valdevit,et al. Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings , 2009, EuroSPI.

[4] Timo Wiander,et al. Implementing the ISO/IEC 17799 standard in practice - experiences on audit phases , 2008, AISC.

[5] S. Woodhouse. An ISMS (Im)-Maturity Capability Model , 2008, 2008 IEEE 8th International Conference on Computer and Information Technology Workshops.

[6] Brad Tuttle,et al. An empirical examination of CobiT as an internal control framework for information technology , 2007, Int. J. Account. Inf. Syst..

[7] Ibrahim Sogukpinar,et al. A quantitative method for ISO 17799 gap analysis , 2006, Comput. Secur..

[8] M. Dey. Information security management - a practical approach , 2007, AFRICON 2007.

[9] Alan Calder,et al. Information Security Based on ISO 27001/ISO 17799: A Management Guide , 2006 .