A. Lyubimov, Dmitry V. Cheremushkin, N. Andreeva, Sergey Shustikov
2011 Sixth International Conference on Availability, Reliability and Security. Publication date: 2011-08-22. DOI: 10.1109/ARES.2011.121 (https://doi.org/10.1109/ARES.2011.121)
Citations: 20
Information Security Integral Engineering Technique and its Application in ISMS Design
This paper proposes a technique for the design and implementation of an information security management system (ISMS) for small and medium enterprises (SMEs). The technique is based on the ISO 27001 standard ISMS requirements object model. The model was designed using methods and tools of the information security integral engineering (ISIE) framework, so the first part of the paper also briefly describes some features, components and engineering methods within the ISIE framework that are important in practical applications but were presented insufficiently, or not at all, in previous papers. Along with the description of a general ISMS design and implementation method, the paper provides an example of applying this method to design an ISMS for a medium-sized city telecommunication SME. The paper also evaluates the technique's efficiency.