Building ISMS through the reuse of knowledge

Authors:
Luis Enrique Sánchez;Antonio Santos-Olmo;Eduardo Fernández-Medina;Mario Piattini
Affiliations:
Departament R&D, Sicaman Nuevas Tecnologias, Tomelloso, Spain;Departament R&D, Sicaman Nuevas Tecnologias, Tomelloso, Spain;University of Castilla-La Mancha, Ciudad Real, Spain;University of Castilla-La Mancha, Ciudad Real, Spain
Venue:
TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
Year:
2010

Citing 11
Cited 1

Technical opinion: Information system security management in the new millennium

Communications of the ACM
Experiences in the Application of Software Process Improvement in SMES

Software Quality Control
Information security management: a new paradigm

SAICSIT '03 Proceedings of the 2003 annual research conference of the South African institute of computer scientists and information technologists on Enablement through technology
The three threats of action research: a discussion of methodological antidotes in the context of an information systems study

Decision Support Systems
Exploring the Suitability of IS Security Management Standards for SMEs

HICSS '08 Proceedings of the Proceedings of the 41st Annual Hawaii International Conference on System Sciences
Implementing the ISO/IEC 17799 standard in practice: experiences on audit phases

AISC '08 Proceedings of the sixth Australasian conference on Information security - Volume 81
Preserving confidentiality of security policies in data outsourcing

Proceedings of the 7th ACM workshop on Privacy in the electronic society
Editorial: Model-Driven Development for secure information systems

Information and Software Technology
Information security management standards: Problems and solutions

Information and Management
Information security incident management process

Proceedings of the 2nd international conference on Security of information and networks
Information security governance framework

Proceedings of the first ACM workshop on Information security governance

Towards an empirical examination of IT security infrastructures in SME

NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

The information society is increasingly more dependent upon Information Security Management Systems (ISMSs), and the availability of these systems has become crucial to the evolution of Small and Medium-size Enterprises (SMEs). However, this type of companies requires ISMSs which have been adapted to their specific characteristics. In this paper we show the strategy that we have designed for the management and reuse of security information in the information system security management process. This strategy is set within the framework of a methodology that we have designed for the integral management of information system security and maturity, denominated as "Methodology for Security Management and Maturity in Small and Mediumsized Enterprises (MSM2-SME)". This model is currently being applied in real cases, and is thus constantly improving.