A Gap Analysis Tool for SMEs Targeting ISO/IEC 27001 Compliance
نویسندگان
چکیده
Current trends indicate that information security is critical for today’s enterprises. As managers realise they cannot ignore the potential security risks, they tend to turn to the ISO/IEC 27001 standard, in order to implement an Information Security Management System (ISMS). While being adopted by large companies, ISMS are still considered as out of range by numerous smaller entities. To help SMEs to access to ISO/IEC 27001 certification is still a challenge. In this context, the initial step of an ISMS implementation project is significant: a gap analysis highlighting the current status of the enterprise with regards to the standard, and thus the resources needed to succeed in this project. This paper presents the method and research works performed in order to design, experiment and improve a SME-oriented gap analysis tool for ISO/IEC 27001.
منابع مشابه
A Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems
To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers’ confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part in...
متن کاملTailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings
While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutio...
متن کاملISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System
Established standards on security and risk management provide guidelines and advice to organizations and other stakeholders on how to fulfill their security needs. However, realizing and ensuring compliance with such standards may be challenging. This is partly because the descriptions are very generic and have to be refined and interpreted by security experts, and partly because they lack tech...
متن کاملObstructions of Turkish Public Organizations Getting ISO/IEC 27001 Certified
In this paper; a comparison has been made among the Articles contained in the ISO/IEC 27001 Standard and the Articles of the Civil Servants Law No 657, which should essentially be complied with by the personnel employed within the bodies of public institutions in Turkey; and efforts have been made in order to emphasize the consistent Articles; and in addition, the matters, which should be paid ...
متن کاملAnalysis of the User Acceptance for Implementing ISO/IEC 27001:2005 in Turkish Public Organizations
This study aims to develop a model for the user acceptance for implementing the information security standard (i.e. ISO 27001) in Turkish public organizations. The results of the surveys performed in Turkey reveal that the legislation on information security public which organizations have to obey is significantly related with the user acceptance during ISO 27001 implementation process. The fun...
متن کامل