A quantitative method for ISO 17799 gap analysis

Cited by: 17
Authors
Karabacak, Bilge [1]
Sogukpinar, Ibrahim
Affiliations
[1] Gebze Inst Technol, TR-41400 Gebze, Kocaeli, Turkey
[2] Natl Res Inst Elect & Cryptol UEKAE, TR-06100 Ankara, Turkey
Keywords
BS 7799; ISO 17799; 27001; compliance; information security; risk analysis; quantitative risk analysis; survey;
DOI
10.1016/j.cose.2006.05.001
CLC classification
TP [Automation technology, computer technology];
Discipline code
0812 ;
Abstract
ISO/IEC 17799:2005 is one of the leading information security standards. It is a code of practice comprising 133 controls in 11 domains. A number of tools and software packages are used by organizations to check whether they comply with this standard. Compliance checking helps organizations determine their conformity to the controls listed in the standard and delivers useful input to the certification process. In this paper, a quantitative survey method is proposed for evaluating ISO 17799 compliance. Our case study has shown that the survey method gives accurate compliance results in a short time and at minimal cost. (C) 2006 Elsevier Ltd. All rights reserved.
Pages: 413-419
Page count: 7