Security Management Standards: A Mapping

Haufe, Knut; Colomo‐Palacios, Ricardo; Dzombeta, Srdan; Brandis, Knud; Stantchev, Vladimir

doi:10.1016/j.procs.2016.09.221

Cited by 18 publications

(5 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…To obtain an agreed basis of ISMS processes of these standards, multiple process reference models need to be harmonized. To harmonize multiple process reference models a systematic stepwise approach presented by Baldassarre [45] was used in a mapping study by Haufe et al [46]. For the analysis of the identified security management standards, an adaptation on the Models and Standards Similarity Study method by J.…”

Section: Methodsmentioning

confidence: 99%

“…ITIL and COBIT were analyzed (matching) regarding ISMS processes which were already identified in the ISO 27000 series as well as regarding additional possible ISMS processes. A matching table regarding the possible ISMS processes was created for ITIL and COBIT [46]. In the context of the matching the following questions were asked (based on Calvo-Manzano et al [47]): a.…”

Section: Methodsmentioning

confidence: 99%

“…3. The results from steps one and two were summarized in a mapping table which is documented in Haufe et al [46].…”

Section: Methodsmentioning

confidence: 99%

See 2 more Smart Citations

A process framework for information security management

Haufe¹,

Colomo‐Palacios²,

Dzombeta³

et al. 2022

IJISPM

View full text Add to dashboard Cite

Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS) is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction as well as the interaction with other management processes is not available in the literature. Cost benefit analysis of information security investments regarding single measures protecting information and ISMS processes are not in the focus of current research, mostly focused on economics. This article aims to fill this research gap by proposing such an ISMS process framework as the main contribution. It is based on a set of agreed upon ISMS processes in existing standards like ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of relevant roles of the ISMS is strengthened.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

A process framework for information security management

Haufe¹,

Colomo‐Palacios²,

Dzombeta³

et al. 2022

IJISPM

View full text Add to dashboard Cite

show abstract

“…An initial investigation to find systematic literature reviews on the topic of standards mapping yielded no satisfactory results. Haufe et al [5] base their observation on a non-systematic review searching for security standards mapping under the aspect of information security management system processes and quickly proceed to propose such a process mapping themselves. In [6], Olifer evaluates proposed standards mapping methodologies.…”

Section: Introductionmentioning

confidence: 99%

Mapping the State of Security Standards Mappings

Mussmann¹,

Brunner²,

Breu³

2020

WI2020 Zentrale Tracks

View full text Add to dashboard Cite

Companies often have to comply with more than one security standard and refine parts of security standards to apply to their domain and specific security goals. To understand which requirements different security standards stipulate, a systematic overview or mapping of the relevant natural language security standards is necessary. Creating such standards mappings is a difficult task; to discover which methodologies and tools researchers and practitioners propose and use to map security standards, we conducted a systematic literature review. We identified 44 resources published between 2004 and 2018 using ACM Digital Library, IEEEXplore, SpringerLink, ScienceDirect, dblp and additional grey literature sources. We found that research focuses either on manual methods or on security ontologies to create security standards mappings. We also observed an increase in scientific publications over the investigated timespan which we attribute to the ISO 27001 standard update in 2013 and the EU GDPR coming into effect in 2018.

show abstract

“…(Hosono & Shimomura, 2017;Haufe, Colomo, Dzombeta, Brandis & Stantchev, 2016;Fazlida & Said, 2015;Franco & Guerrero, 2013), los cuales son marcos de gestión del ciclo de vida de los servicios TIC, aunque sus resultados surgen de una diferencia de Ángulos de gestión (Hosono & Shimomura, 2017); como lo señalan Maryska, Doucek & Nedomova (2015), lo importante en este contexto es que la gestión de la informática empresarial está muy influenciada no sólo por los estándares antes mencionados directamente creados para, o al menos remotamente conectados con la tecnología de la información, sino también por muchas otras normas que aparentemente no tienen nada en común. Vol.…”

Section: Sistemas De Gestión De Tecnología De La Informaciónunclassified

Auditoría informática: un enfoque efectivo

View full text Add to dashboard Cite

show abstract

Security Management Standards: A Mapping

Cited by 18 publications

References 18 publications

A process framework for information security management

A process framework for information security management

Mapping the State of Security Standards Mappings

Auditoría informática: un enfoque efectivo

Contact Info

Product

Resources

About