Your search keyword '"ISO/IEC 27000"' showing total 4 results

1. A gap analysis of the ISO/IEC 27000 standard implementation in Namibia

Author

Fungai Bhunu Shava and Diana Jogbeth Tjirare

Subjects

021103 operations research, Process management, Standard of Good Practice, 05 social sciences, 0211 other engineering and technologies, 02 engineering and technology, Information security, Computer security, computer.software_genre, ITIL security management, Security service, Information security management, Information security standards, 0502 economics and business, Business, ISO/IEC 27000, computer, 050203 business & management, Information security management system

Abstract

To ensure that the information asset is protected and available to organisations, information security needs to be governed by security standards. The ISO/IEC 27000 family of standards is one such standard; it keeps information assets secure and provides an information security management best practises framework. Despite its importance, the usage and adoption of the ISO/IEC 27000 standards is missing in Namibian organisations. An exploratory pilot survey conducted in 2015 with the key stakeholders namely the Communications Regulatory Authority, Internet Service Providers and government departments revealed that these standards are not being implemented at all. Based on literature review and the preliminary surveys, this paper presents the extent to which the ISO/IEC 27000 implementation framework is adopted in Namibia. The study will focus on the implementation extent for ISO 27000, 27001, 27002, 27003 and 27004 as these are the critical standards to the security posture of any organisation. A qualitative case study research approach with security critical organisations in Namibia was used for this study. Surveys and interviews were used to collect data from purposefully identified key stakeholders. The stakeholders offered rich information about the phenomenon under study. The survey results were used to evaluate the extent of implementation and the factors contributing to the poor implementation. A theoretical framework was derived from the findings and is thus presented in this paper. The factors making up the theoretical framework will be used as a basis in designing a policy framework for the adoption of security standards by organisations in Namibia to secure its critical assets, manage risks more effectively, improve and maintain customer confidence, demonstrate conformance to international best practice, avoid brand damage and change its information security posture as the technology is evolving.

Published

2017

2. Integración de Estándares de Gestión de TI mediante MIN-ITs

Author

Antonia Mas, Antoni Lluís Mesquida, Magdalena Arcilla, and Tomás San Feliu

Subjects

Integration of IT Management standards, Process management, lcsh:T58.5-58.64, General Computer Science, lcsh:Information technology, ISO 9001, business.industry, Best practice, media_common.quotation_subject, Integración de Estándares de Gestión de TI, Software development, Information technology, Service management, ISO/IEC 20000, Management, Software development process, ISO/IEC 27000, Information security management, Order (business), ISO/IEC 15504, Quality (business), Business, media_common

Abstract

Las empresas de desarrollo de software han apostado por la implantación de modelos y estándares de calidad con el objetivo de ofrecer productos que se adapten a las necesidades de los clientes y aumenten su satisfacción. Además de mejorar sus procesos de desarrollo de software, estas organizaciones también desean aumentar la capacidad de los procesos de otras disciplinas, como pueden ser la gestión de servicios de Tecnologías de la Información (TI) o la gestión de la seguridad de la información. Las normas ISO que definen las mejoras prácticas de estas áreas guardan una gran cantidad de relaciones entre sus recomendaciones, directrices y requisitos. A partir del estudio de todos estos elementos y aspectos comunes, se ha desarrollado el marco MIN-ITs, un marco que facilita la implantación integrada de los diferentes estándares ISO de gestión de TI. Software development companies have opted for implementing quality models and standards in order to provide products that meet customers’ needs and increase their satisfaction. In addition to improving their software development processes, these organizations also wish to increase the capability of the processes related to other disciplines, such as Information Technology (IT) service management and information security management. The ISO standards that define the best practices in these areas keep a great number of relations among their recommendations, guidelines and requirements. From the study of all these common elements and aspects we have developed MIN-ITs, a framework that facilitates the integrated implementation of different ISO IT management standards.

Published

2014

3. ISO/IEC 27000, 27001 and 27002 for Information Security Management

Author

Disterer, Georg

Subjects

Certified Information Security Manager, Computer science, Standard of Good Practice, Information security, Computer security, computer.software_genre, ITIL security management, 650 Management, Information security management, Information security standards, ddc:650, computer, ISO/IEC 27000, Information security management system

Abstract

With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognized their responsibilities to safeguard physical and information assets. Security standards can be used as guideline or framework to develop and maintain an adequate information security management system (ISMS). The standards ISO/IEC 27000, 27001 and 27002 are international standards that are receiving growing recognition and adoption. They are referred to as “common language of organizations around the world” for information security [1]. With ISO/IEC 27001 companies can have their ISMS certified by a third-party organization and thus show their customers evidence of their security measures.

Published

2013

4. An ISO/IEC 15504 Security Extension

Author

Esperança Amengual, Antonia Mas, and Antoni Lluís Mesquida

Subjects

ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, OSI protocols, Information security management, Software_SOFTWAREENGINEERING, Computer science, Systems engineering, Process improvement, ComputerApplications_COMPUTERSINOTHERSYSTEMS, IEC 61508, Information security, ISO/IEC 27000, Security controls

Abstract

Software companies which have been involved in a process improvement programme according to ISO/IEC 15504 have already performed some steps in order to implement ISO/IEC 27000 as an information security management framework. After analysing in depth the existing relations between ISO/IEC 15504-5 base practices and ISO/IEC 27002 security controls, in this paper the security controls covered by the ISO/IEC 15504-5 processes are described, the changes over these processes which would be necessary for the implementation of the controls are detailed and an ISO/IEC 15504 Security Extension that facilitates the implementation of both standards is presented.