ISO/IEC 15504 BEST PRACTICES TO FACILITATE ISO/IEC 27000 IMPLEMENTATION

Antonia Mas, Antoni Lluís Mesquida, Esperança Amengual, Bartomeu Fluxà

2010

Abstract

In software development companies, as well as in any company, information must be adequately protected. Therefore, the implementation of information security standards has also become crucial in software organizations. Software companies involved in a process improvement initiative according to the ISO/IEC 15504 standard for process assessment and improvement are showing an increasing interest in the implementation of the ISO/IEC 27000 standard for information security management. With the intention of supporting these companies in the implementation of the ISO/IEC 27000 standard, our main goal is the development of a method which provides guidance on the application of both frameworks. As a first step of this work, in this article a mapping between ISO/IEC 27002 and ISO/IEC 15504-5 is presented.

References

  1. Amengual, E. and Mas, A. (2003). A New Method of ISO/IEC TR 15504 and ISO 9001:2000 Simultaneous Application on Software SMEs. In SPICE 2003, Joint ESA - 3rd International SPICE Conference on Process Assessment and Improvement. (pp. 87-92). Noordwijk, the Netherlands.
  2. Amengual, E. and Mas, A. (2007). Software Process Improvement in Small Companies: An Experience. In Proceedings of the EuroSPI 2007. Potsdam, Germany, September 2007.
  3. Barafort, B., Humbet, J-P., Poggi, S., 2006. Information Security Management and ISO/IEC 15504: the link opportunity between Security and Quality. In SPICE 2006, International SPICE Conference on Process Assessment and Improvement. Luxembourg.
  4. ISO/IEC. (1995). ISO/IEC 12207:1995 Information technology - Software life cycle processes. Amd 1:2002. Amd 2:2004.
  5. ISO/IEC. (2003). ISO/IEC 15504-2:2004 Software Engineering - Process Assessment - Part 2: Performing an assessment.
  6. ISO/IEC. (2004). ISO/IEC 15504-1:2004 Information Technology - Process Assessment - Part 1: Concepts and Vocabulary.
  7. ISO/IEC. (2005a). ISO/IEC 27001: Information technology - Security techniques - Information security management systems - Requirements.
  8. ISO/IEC. (2005b). ISO/IEC 27002: Information technology - Security techniques - Code of practice for information security management.
  9. ISO/IEC. (2006). ISO/IEC 15504-5: Information technology - Software Process Assessment - Part 5: An exemplar process assessment model.
  10. Mas, A. and Amengual, E. (2004). A Method for the Implementation of a Quality Management System in Software SMEs. In Proceedings of the Twelfth International Conference on Software Quality Management. British Computer Society, pp. 61-74, March 2004.
  11. Mas, A. and Amengual, E. (2005). La mejora de los procesos de software en las pequeñas y medianas empresas (pyme). Un nuevo modelo y su aplicación en un caso real. In Revista Española de Innovación, Calidad e Ingeniería del Software (REICIS). Vol. 1, no. 2, pp. 7-29, December 2005.
  12. Mas, A., Fluxà, B. and Amengual, E. (2009). Lessons learned from an ISO/IEC 15504 SPI Programme in a Company. In Proceedings of the EuroSPI 2009. Alcalá de Henares, Spain, September 2009.
  13. Mesquida, A. L., Mas, A. and Amengual, E. (2009). La madurez de los servicios TI. In Revista Española de Innovación, Calidad e Ingeniería del Software (REICIS). Vol. 5, nº 2, pp. 77-87, September 2009.
  14. Valdevi, T., Mayer, N., Barafort, B., 2009. Tailoring 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings. In Proceedings of the EuroSPI 2009, CCIS 42, pp. 201-212. Springer-Verlag Berlin Heidelberg.
Download


Paper Citation


in Harvard Style

Mas A., Mesquida A., Amengual E. and Fluxà B. (2010). ISO/IEC 15504 BEST PRACTICES TO FACILITATE ISO/IEC 27000 IMPLEMENTATION . In Proceedings of the Fifth International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE, ISBN 978-989-8425-21-8, pages 192-198. DOI: 10.5220/0003001001920198


in Bibtex Style

@conference{enase10,
author={Antonia Mas and Antoni Lluís Mesquida and Esperança Amengual and Bartomeu Fluxà},
title={ISO/IEC 15504 BEST PRACTICES TO FACILITATE ISO/IEC 27000 IMPLEMENTATION},
booktitle={Proceedings of the Fifth International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,},
year={2010},
pages={192-198},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003001001920198},
isbn={978-989-8425-21-8},
}


in EndNote Style

TY - CONF
JO - Proceedings of the Fifth International Conference on Evaluation of Novel Approaches to Software Engineering - Volume 1: ENASE,
TI - ISO/IEC 15504 BEST PRACTICES TO FACILITATE ISO/IEC 27000 IMPLEMENTATION
SN - 978-989-8425-21-8
AU - Mas A.
AU - Mesquida A.
AU - Amengual E.
AU - Fluxà B.
PY - 2010
SP - 192
EP - 198
DO - 10.5220/0003001001920198