ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System

Abstract

Realizing security and risk management standards may be challenging, partly because the descriptions of what to realize are often generic and have to be refined by security experts. Removing this ambiguity is time intensive for security experts, because they have to interpret all the tasks required by the standard on their own. In our previous work we showed how to use security requirements engineering methods for the development and documentation of the ISO 27001 security standard. In this paper we (i) create an extension of the CORAS methodology for risk management that supports the ISO 27001 standard, (ii) validate the method by comparing its resulting artifacts to the artifacts of an industrial ISO 27001 application, and (iii) discuss the advantages of our method compared to the industrial state of the art. We apply our method to a smart grid scenario provided by the industrial partners of the NESSoS project.
Client: European Commission

Category

Report

Client

  • SINTEF AS / 102002252

Language

English

Author(s)

Affiliation

  • Unknown
  • SINTEF Digital / Software and Service Innovation

Year

2013

Publisher

SINTEF

Issue

A25626

ISBN

9788214053388
