Model Driven Information Security Management - Evaluating and Applying the Meta Model of ISO 27001

Authors

Danijel Milicevic, Frankfurt am MainFollow
Matthias Goeken, Frankfurt am MainFollow

Track

Information Systems Security and Privacy

Abstract

Information technology has had a significant impact on business operations and allowed the emergence of new business models. These IT-enabled processes and businesses however depend on secure information systems which need to be managed. The management of information systems security (ISS) is a highly dynamic and complex task due to constant change in the information technology domain. In this paper we propose the use of a meta model to aid ISS managers in setting up a holistic information security management system (ISMS). For this we describe how an adapted meta model of ISO 27001, a security standard for ISMS, can be used to aid with general phases of ISS management. We demonstrate how models can support ISS managers in their endeavors. The paper concludes with a pragmatic evaluation by providing an example of how such a meta model can be operationalized for vulnerability identification, before discussing potential future research.

Recommended Citation

Milicevic, Danijel and Goeken, Matthias, "Model Driven Information Security Management - Evaluating and Applying the Meta Model of ISO 27001" (2011). AMCIS 2011 Proceedings - All Submissions. 376.
https://aisel.aisnet.org/amcis2011_submissions/376