Abstracts
The Statement of Applicability (SoA) is a mandatory ISMS document that you need to develop, prepare, and submit with your ISO 27001 application, and it is crucial in obtaining your ISO 27001 risk assessment and ISMS certification. According to ISO/IEC 27001, an Information Security Management System is ‘that part of the general management system, based on the approach to business risk, to establish, implement, operate, monitor, review, maintain and improve information security’. ISO/IEC 27001 specifies the requirements and the implementation process for the Information Security Management System. However, implementing this standard without a good SoA document may prove impossible. The article presents a system model for constructing the SoA for an ISMS and for its certification in accordance with the ISO 27001 standard. This model aims to provide instruments for designing and generating an SoA document for an ISMS, covering all information processes in GIS. It allows organizations to evaluate the current state of their GIS information asset security implementation against the best practices defined in ISO/IEC 27001. The proprietary model proposed in this article is assessed from a multi-stage perspective, which confirms that the proposed draft Statement of Use document makes a valuable and innovative contribution to information security management by taking into account the best practices in this field.
Pages
79--92
Physical description
Bibliography: 16 items.
Authors
author
- Military University of Technology, Faculty of Cybernetics, Institute of Computer and Information Systems, Warsaw, Poland
author
- Military University of Technology, Faculty of Cybernetics, Institute of Computer and Information Systems, Warsaw, Poland
Notes
PL
Record prepared with funds from the MEiN (Polish Ministry of Education and Science), agreement no. SONP/SP/546092/2022, under the programme "Social Responsibility of Science" - module: Popularisation of science and promotion of sport (2022-2023).
Document type
Bibliography
YADDA identifier
bwmeta1.element.baztech-51af0046-4d3f-43b0-b1eb-11e37aed3546