Idea: A reference platform for systematic information security management tool support

Ingo Müller; Jun Han; Jean Guy Schneider; Steven Versteeg

doi:10.1007/978-3-642-19125-1_20

Idea: A reference platform for systematic information security management tool support

Ingo Müller, Jun Han, Jean Guy Schneider, Steven Versteeg

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

1 Citation (Scopus)

Abstract

The ISO 27001 standard specifies an information security management system (ISMS) as a means to implement security best practices for IT systems. Organisations that implement an ISMS typically experience various challenges such as enforcing a common vocabulary, limiting human errors and integrating existing management tools and security mechanisms. However, ISO 27001 does not provide guidance on these issues because tool support is beyond its scope, leaving organisations to start "from scratch" with manual and usually paper document-driven approaches. We propose a novel reference platform for security management that provides the foundation for systematic and automated ISMS tool support. Our platform consists of a unified information model, an enterprise-level repository and an extensible application and integration platform that aid practitioners in tackling the aforementioned challenges. This paper motivates and outlines the key elements of our approach and presents a first proof-of-concept prototype implementation.

Original language	English
Title of host publication	Engineering Secure Software and Systems - Third International Symposium, ESSoS 2011, Proceedings
Publisher	Springer
Pages	256-263
Number of pages	8
ISBN (Print)	9783642191244
DOIs	https://doi.org/10.1007/978-3-642-19125-1_20
Publication status	Published - 7 Feb 2011
Externally published	Yes
Event	International Symposium on Engineering Secure Software and Systems 2011 - Madrid, Spain Duration: 9 Feb 2011 → 10 Feb 2011 Conference number: 3rd https://link.springer.com/book/10.1007/978-3-642-19125-1 (Proceedings)

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	6542
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	International Symposium on Engineering Secure Software and Systems 2011
Abbreviated title	ESSoS 2011
Country/Territory	Spain
City	Madrid
Period	9/02/11 → 10/02/11
Internet address	https://link.springer.com/book/10.1007/978-3-642-19125-1 (Proceedings)

Access to Document

10.1007/978-3-642-19125-1_20

Cite this

@inproceedings{bac0f829a9ad4680832476830c77f3d7,

title = "Idea: A reference platform for systematic information security management tool support",

abstract = "The ISO 27001 standard specifies an information security management system (ISMS) as a means to implement security best practices for IT systems. Organisations that implement an ISMS typically experience various challenges such as enforcing a common vocabulary, limiting human errors and integrating existing management tools and security mechanisms. However, ISO 27001 does not provide guidance on these issues because tool support is beyond its scope, leaving organisations to start {"}from scratch{"} with manual and usually paper document-driven approaches. We propose a novel reference platform for security management that provides the foundation for systematic and automated ISMS tool support. Our platform consists of a unified information model, an enterprise-level repository and an extensible application and integration platform that aid practitioners in tackling the aforementioned challenges. This paper motivates and outlines the key elements of our approach and presents a first proof-of-concept prototype implementation.",

author = "Ingo M{\"u}ller and Jun Han and Schneider, {Jean Guy} and Steven Versteeg",

year = "2011",

month = feb,

day = "7",

doi = "10.1007/978-3-642-19125-1_20",

language = "English",

isbn = "9783642191244",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "256--263",

booktitle = "Engineering Secure Software and Systems - Third International Symposium, ESSoS 2011, Proceedings",

note = "International Symposium on Engineering Secure Software and Systems 2011, ESSoS 2011 ; Conference date: 09-02-2011 Through 10-02-2011",

url = "https://link.springer.com/book/10.1007/978-3-642-19125-1",

}

Müller, I, Han, J, Schneider, JG & Versteeg, S 2011, Idea: A reference platform for systematic information security management tool support. in Engineering Secure Software and Systems - Third International Symposium, ESSoS 2011, Proceedings. Lecture Notes in Computer Science, vol. 6542, Springer, pp. 256-263, International Symposium on Engineering Secure Software and Systems 2011, Madrid, Spain, 9/02/11. https://doi.org/10.1007/978-3-642-19125-1_20

Idea: A reference platform for systematic information security management tool support. / Müller, Ingo; Han, Jun; Schneider, Jean Guy et al.
Engineering Secure Software and Systems - Third International Symposium, ESSoS 2011, Proceedings. Springer, 2011. p. 256-263 (Lecture Notes in Computer Science; Vol. 6542).

Research output: Chapter in Book/Report/Conference proceeding › Conference Paper › Research › peer-review

TY - GEN

T1 - Idea

T2 - International Symposium on Engineering Secure Software and Systems 2011

AU - Müller, Ingo

AU - Han, Jun

AU - Schneider, Jean Guy

AU - Versteeg, Steven

N1 - Conference code: 3rd

PY - 2011/2/7

Y1 - 2011/2/7

N2 - The ISO 27001 standard specifies an information security management system (ISMS) as a means to implement security best practices for IT systems. Organisations that implement an ISMS typically experience various challenges such as enforcing a common vocabulary, limiting human errors and integrating existing management tools and security mechanisms. However, ISO 27001 does not provide guidance on these issues because tool support is beyond its scope, leaving organisations to start "from scratch" with manual and usually paper document-driven approaches. We propose a novel reference platform for security management that provides the foundation for systematic and automated ISMS tool support. Our platform consists of a unified information model, an enterprise-level repository and an extensible application and integration platform that aid practitioners in tackling the aforementioned challenges. This paper motivates and outlines the key elements of our approach and presents a first proof-of-concept prototype implementation.

AB - The ISO 27001 standard specifies an information security management system (ISMS) as a means to implement security best practices for IT systems. Organisations that implement an ISMS typically experience various challenges such as enforcing a common vocabulary, limiting human errors and integrating existing management tools and security mechanisms. However, ISO 27001 does not provide guidance on these issues because tool support is beyond its scope, leaving organisations to start "from scratch" with manual and usually paper document-driven approaches. We propose a novel reference platform for security management that provides the foundation for systematic and automated ISMS tool support. Our platform consists of a unified information model, an enterprise-level repository and an extensible application and integration platform that aid practitioners in tackling the aforementioned challenges. This paper motivates and outlines the key elements of our approach and presents a first proof-of-concept prototype implementation.

UR - http://www.scopus.com/inward/record.url?scp=79551526493&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-19125-1_20

DO - 10.1007/978-3-642-19125-1_20

M3 - Conference Paper

AN - SCOPUS:79551526493

SN - 9783642191244

T3 - Lecture Notes in Computer Science

SP - 256

EP - 263

BT - Engineering Secure Software and Systems - Third International Symposium, ESSoS 2011, Proceedings

PB - Springer

Y2 - 9 February 2011 through 10 February 2011

ER -

Idea: A reference platform for systematic information security management tool support

Abstract

Publication series

Conference

Access to Document

Other files and links

Cite this