SOFTENG 2019, The Fifth International Conference on Advances and Trends in Software Engineering
Towards a Modelling Language for Managing the Requirements of ISO/IEC 27001 Standard
Authors:
Daniel Ganji
Haralambos Mouratidis
Saeed Malekshahi Gheytassi
Keywords: Information Security Management System; ISO/IEC 27001; Requirements Engineering; PDCA; ISMS
Abstract:
The ISO/IEC 27001 standard helps organisations to continually review and refine their information security procedures to remain safe and secure; however, organisations face difficulties and are concerned about understanding the requirements of the standard. The research to date from industry and academia has tended to focus on the overall description of the standard, and such expositions are unsatisfactory because little is being contributed to the practicality of the ISMS structure. The generalisability of much published research on the standard is insufficient for organisations aiming to implement the standard. An objective of this paper is to offer a direction towards a new modelling language to assist organisations to better understand the requirements of the ISO/IEC 27001 standard. The methodological approach taken in developing our proposed research was established by systematically investigating the current gap in the literature and exploring the underlying needs of organisations to adopt the Information Security Management System (ISMS). This paper contributes a set of original components and concepts to holistically capture, model, and manage the requirements of the standard. Our modelling language enables information security practitioners and interested parties in organisations to develop an ISMS and promote their corporate compliance with a well-established standard.
Pages: 17 to 23
Copyright: Copyright (c) IARIA, 2019
Publication date: March 24, 2019
Published in: conference
ISSN: 2519-8394
ISBN: 978-1-61208-701-6
Location: Valencia, Spain
Dates: from March 24, 2019 to March 28, 2019