DEVELOPING AN EVALUATION FRAMEWORK FOR INFORMATION SYSTEM SECURITY VIA ISO 17799 MODEL

Abdel-Nasser H. Zaied

Abstract


Information system security (ISS) plays an important role in protecting the assets of an organization. The functioning of modern organizations is increasingly reliant on computers and global networks. In such organizations, ISS aims at ensuring the confidentiality, integrity, and availability of information. Organizations therefore need practical security benchmarking tools in order to plan effective security strategies. Evaluating information system security is a process that involves identifying, gathering, and analyzing security functionality and assurance levels against certain standards. This can result in a measure of trust that indicates how well the system meets a particular security target. This paper attempts to provide an interpretation of ISO/IEC 17799:2005 (ISO/IEC 27002) applications by adapting an evaluation framework for an organization's information system security level. An empirical study is performed to help validate the framework used. The results show that the framework helps decision makers decide the priorities and courses of action that should be taken to improve the organization's security maturity level.
