Idea: A reference platform for systematic information security management tool support

Ingo Müller, Jun Han, Jean Guy Schneider, Steven Versteeg

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

1 Citation (Scopus)


The ISO 27001 standard specifies an information security management system (ISMS) as a means to implement security best practices for IT systems. Organisations that implement an ISMS typically experience various challenges such as enforcing a common vocabulary, limiting human errors and integrating existing management tools and security mechanisms. However, ISO 27001 does not provide guidance on these issues because tool support is beyond its scope, leaving organisations to start "from scratch" with manual and usually paper document-driven approaches. We propose a novel reference platform for security management that provides the foundation for systematic and automated ISMS tool support. Our platform consists of a unified information model, an enterprise-level repository and an extensible application and integration platform that aid practitioners in tackling the aforementioned challenges. This paper motivates and outlines the key elements of our approach and presents a first proof-of-concept prototype implementation.

Original languageEnglish
Title of host publicationEngineering Secure Software and Systems - Third International Symposium, ESSoS 2011, Proceedings
Number of pages8
ISBN (Print)9783642191244
Publication statusPublished - 7 Feb 2011
Externally publishedYes
EventInternational Symposium on Engineering Secure Software and Systems 2011 - Madrid, Spain
Duration: 9 Feb 201110 Feb 2011
Conference number: 3rd (Proceedings)

Publication series

NameLecture Notes in Computer Science
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


ConferenceInternational Symposium on Engineering Secure Software and Systems 2011
Abbreviated titleESSoS 2011
Internet address

Cite this