SCMM-TOOL - Tool for Computer Automation of the Information Security Management Systems

Luís Enrique Sánchez, Daniel Villafranca, Eduardo Fernández-Medina, Mario Piattini

2007

Abstract

For enterprises to be able to use information and communication technologies with guarantees, they need an adequate security management system and tools that allow them to manage it. In addition, for such a system to be feasible in small and medium-sized enterprises (from here on referred to as SMEs), its implementation and maintenance costs must be very low. In this paper, we present the tool we have developed using our model for the development, implementation and maintenance of a security management system adapted to the needs and resources of an SME. Furthermore, we describe how this tool lets enterprises with limited resources manage their security system very efficiently. This approach is being directly applied to real cases, thus obtaining a constant improvement in its application.

Paper Citation


in Harvard Style

Enrique Sánchez L., Villafranca D., Fernández-Medina E. and Piattini M. (2007). SCMM-TOOL - Tool for Computer Automation of the Information Security Management Systems. In Proceedings of the Second International Conference on Software and Data Technologies - Volume 2: ICSOFT, ISBN 978-989-8111-06-7, pages 311-318. DOI: 10.5220/0001331003110318


in Bibtex Style

@conference{icsoft07,
author={Luís Enrique Sánchez and Daniel Villafranca and Eduardo Fernández-Medina and Mario Piattini},
title={SCMM-TOOL - Tool for Computer Automation of the Information Security Management Systems},
booktitle={Proceedings of the Second International Conference on Software and Data Technologies - Volume 2: ICSOFT,},
year={2007},
pages={311-318},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001331003110318},
isbn={978-989-8111-06-7},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Second International Conference on Software and Data Technologies - Volume 2: ICSOFT,
TI - SCMM-TOOL - Tool for Computer Automation of the Information Security Management Systems
SN - 978-989-8111-06-7
AU - Enrique Sánchez L.
AU - Villafranca D.
AU - Fernández-Medina E.
AU - Piattini M.
PY - 2007
SP - 311
EP - 318
DO - 10.5220/0001331003110318