A GAP ANALYSIS TOOL FOR SMES TARGETING ISO/IEC 27001 COMPLIANCE

Thierry Valdevit, Nicolas Mayer

Abstract

Current trends indicate that information security is critical for today's enterprises. As managers realise they cannot ignore potential security risks, they tend to turn to the ISO/IEC 27001 standard in order to implement an Information Security Management System (ISMS). While ISMSs are being adopted by large companies, they are still considered out of reach by numerous smaller entities, and helping SMEs gain access to ISO/IEC 27001 certification remains a challenge. In this context, the initial step of an ISMS implementation project is significant: a gap analysis highlighting the current status of the enterprise with regard to the standard, and thus the resources needed to succeed in the project. This paper presents the method and research work performed in order to design, experiment with and improve an SME-oriented gap analysis tool for ISO/IEC 27001.

Paper Citation


in Harvard Style

Valdevit T. and Mayer N. (2010). A GAP ANALYSIS TOOL FOR SMES TARGETING ISO/IEC 27001 COMPLIANCE. In Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 3: ICEIS, ISBN 978-989-8425-06-5, pages 413-416. DOI: 10.5220/0002865504130416


in Bibtex Style

@conference{iceis10,
author={Thierry Valdevit and Nicolas Mayer},
title={A GAP ANALYSIS TOOL FOR SMES TARGETING ISO/IEC 27001 COMPLIANCE},
booktitle={Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 3: ICEIS},
year={2010},
pages={413-416},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0002865504130416},
isbn={978-989-8425-06-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Enterprise Information Systems - Volume 3: ICEIS
TI - A GAP ANALYSIS TOOL FOR SMES TARGETING ISO/IEC 27001 COMPLIANCE
SN - 978-989-8425-06-5
AU - Valdevit T.
AU - Mayer N.
PY - 2010
SP - 413
EP - 416
DO - 10.5220/0002865504130416