Practical implementation of an ISO 17799- compliant information security management system using a novel ASD method

This paper discusses the practical implementation of the Agile Security Development (ASD framework and presents a case study that reviews the process of building an information security management system utilizing the framework. The case study reveals the action steps for a small and medium-sized organization to utilize the method. The ASD framework and its output is fully ISO/IEC17799 compliant but takes the organization’s actual management systems into account, so that ISO/IEC 17799 certification is not necessarily the ultimate target if the organization so chooses. The ASD framework supports auditing against the organization’s own baseline, which might not be compliant with existing standards and industry-defined best practices. Process improvement is achieved here through verifying the company’s ISMS so that it fulfills the requirements the company has set by doing a risk analysis to identify weak spots within the system.