
Building ISMS through the Reuse of Knowledge

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6264)

Abstract

The information society is increasingly dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-sized Enterprises (SMEs). However, this type of company requires ISMSs that have been adapted to its specific characteristics. In this paper we present the strategy that we have designed for the management and reuse of security information within the information system security management process. This strategy is set within the framework of a methodology that we have designed for the integral management of information system security and maturity, called “Methodology for Security Management and Maturity in Small and Medium-sized Enterprises (MSM2-SME)”. This model is currently being applied in real cases and is thus constantly being improved.



Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sánchez, L.E., Santos-Olmo, A., Fernández-Medina, E., Piattini, M. (2010). Building ISMS through the Reuse of Knowledge. In: Katsikas, S., Lopez, J., Soriano, M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2010. Lecture Notes in Computer Science, vol 6264. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15152-1_17


  • DOI: https://doi.org/10.1007/978-3-642-15152-1_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15151-4

  • Online ISBN: 978-3-642-15152-1

  • eBook Packages: Computer Science (R0)
