Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

Supporting the development and documentation of ISO 27001 information security management systems through security requirements engineering approaches

: Beckers, K.; Faßbender, S.; Heisel, M.; Küster, J.-C.; Schmidt, H.


Barthe, G.:
Engineering secure software and systems. 4th international symposium, ESSoS 2012 : Eindhoven, The Netherlands, February, 16 - 17, 2012; proceedings
Berlin: Springer, 2012 (Lecture Notes in Computer Science 7159)
ISBN: 978-3-642-28165-5
ISBN: 3-642-28165-6
ISSN: 0302-9743
International Symposium on Engineering Secure Software and Systems (ESSoS) <4, 2012, Eindhoven>
Fraunhofer ISST ()

Assembling an information security management system according to the ISO 27001 standard is difficult, because the standard provides only sparse support for system development and documentation. We analyse the ISO 27001 standard to determine what techniques and documentation are necessary and instrumental to develop and document systems according to this standard. Based on these insights, we inspect a number of current security requirements engineering approaches to evaluate whether and to what extent these approaches support ISO 27001 system development and documentation. We re-use a conceptual framework originally developed for comparing security requirements engineering methods to relate important terms, techniques, and documentation artifacts of the security requirements engineering methods to the ISO 27001.