To main content

ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System

Abstract

Established standards on security and risk management provide
guidelines and advice to organizations and other stakeholders on how to fulfill their security needs. However, realizing and ensuring compliance with such standards may be challenging. This is partly because
the descriptions are very generic and have to be refined and interpreted by security experts, and partly because they lack techniques and practical guidelines. In previous work we showed how existing security requirements
engineering methods can be used to support the ISO 27001
information security standard. In this chapter we present ISMS-CORAS, which is an extension of the CORAS method for risk management that supports the ISO 27001 standard. ISMS-CORAS comes with techniques and guidelines necessary for establishing an Information Security Management System (ISMS) compliance with the standard, as well as the artifacts that are needed for the required documentation. We validate the method by applying it to a scenario from the smart grid domain.

Category

Academic chapter/article/Conference paper

Client

  • EU / 256980
  • EU / 316853

Language

English

Author(s)

Affiliation

  • Duisburg-Essen University
  • SINTEF Digital / Software and Service Innovation
  • University of Oslo

Year

2014

Publisher

Springer

Book

Engineering Secure Future Internet Services and Systems

Issue

8431

ISBN

978-3-319-07452-8

Page(s)

315 - 344

View this publication at Cristin