Practical implementation of ISO 17799 compliant information security management system using novel ASD method

Jarkko Holappa; Timo Wiander

Practical implementation of ISO 17799 compliant information security management system using novel ASD method

Jarkko Holappa
, Timo Wiander

VTT Technical Research Centre of Finland

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Professional

Abstract

This paper discusses the practical implementation of the Agile Security Development (ASD framework and presents a case study that reviews the process of building an information security management system utilizing the framework. The case study reveals the action steps for a small and medium-sized organization to utilize the method. The ASD framework and its output is fully ISO/IEC17799 compliant but takes the organization’s actual management systems into account, so that ISO/IEC 17799 certification is not necessarily the ultimate target if the organization so chooses. The ASD framework supports auditing against the organization’s own baseline, which might not be compliant with existing standards and industry-defined best practices. Process improvement is achieved here through verifying the company’s ISMS so that it fulfills the requirements the company has set by doing a risk analysis to identify weak spots within the system.

Original language	English
Title of host publication	IAEA Technical Meeting on Cyber Security of Nuclear Power Plant Instrumentation, Control, and Information Systems
Publisher	International Atomic Energy Agency IAEA
Publication status	Published - 2006
MoE publication type	D3 Professional conference proceedings
Event	IAEA Technical Meeting on Cyber Security of Nuclear Power Plant Instrumentation, Control, and Information Systems - Idaho Falls, United States Duration: 17 Oct 2006 → 20 Oct 2006

Conference

Conference	IAEA Technical Meeting on Cyber Security of Nuclear Power Plant Instrumentation, Control, and Information Systems
Country/Territory	United States
City	Idaho Falls
Period	17/10/06 → 20/10/06

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

SDG 7 Affordable and Clean Energy
SDG 9 Industry, Innovation, and Infrastructure
SDG 12 Responsible Consumption and Production

Cite this

@inproceedings{2272710ca9514e97b6b1701ba1dde92e,

title = "Practical implementation of ISO 17799 compliant information security management system using novel ASD method",

abstract = "This paper discusses the practical implementation of the Agile Security Development (ASD framework and presents a case study that reviews the process of building an information security management system utilizing the framework. The case study reveals the action steps for a small and medium-sized organization to utilize the method. The ASD framework and its output is fully ISO/IEC17799 compliant but takes the organization{\textquoteright}s actual management systems into account, so that ISO/IEC 17799 certification is not necessarily the ultimate target if the organization so chooses. The ASD framework supports auditing against the organization{\textquoteright}s own baseline, which might not be compliant with existing standards and industry-defined best practices. Process improvement is achieved here through verifying the company{\textquoteright}s ISMS so that it fulfills the requirements the company has set by doing a risk analysis to identify weak spots within the system.",

author = "Jarkko Holappa and Timo Wiander",

note = "CD-ROM; IAEA Technical Meeting on Cyber Security of Nuclear Power Plant Instrumentation, Control, and Information Systems ; Conference date: 17-10-2006 Through 20-10-2006",

year = "2006",

language = "English",

booktitle = "IAEA Technical Meeting on Cyber Security of Nuclear Power Plant Instrumentation, Control, and Information Systems",

publisher = "International Atomic Energy Agency IAEA",

address = "Austria",

}

Holappa, J & Wiander, T 2006, Practical implementation of ISO 17799 compliant information security management system using novel ASD method. in IAEA Technical Meeting on Cyber Security of Nuclear Power Plant Instrumentation, Control, and Information Systems. International Atomic Energy Agency IAEA, IAEA Technical Meeting on Cyber Security of Nuclear Power Plant Instrumentation, Control, and Information Systems, Idaho Falls, Idaho, United States, 17/10/06.

Practical implementation of ISO 17799 compliant information security management system using novel ASD method. / Holappa, Jarkko; Wiander, Timo.
IAEA Technical Meeting on Cyber Security of Nuclear Power Plant Instrumentation, Control, and Information Systems. International Atomic Energy Agency IAEA, 2006.

Research output: Chapter in Book/Report/Conference proceeding › Conference article in proceedings › Professional

TY - GEN

T1 - Practical implementation of ISO 17799 compliant information security management system using novel ASD method

AU - Holappa, Jarkko

AU - Wiander, Timo

N1 - CD-ROM

PY - 2006

Y1 - 2006

N2 - This paper discusses the practical implementation of the Agile Security Development (ASD framework and presents a case study that reviews the process of building an information security management system utilizing the framework. The case study reveals the action steps for a small and medium-sized organization to utilize the method. The ASD framework and its output is fully ISO/IEC17799 compliant but takes the organization’s actual management systems into account, so that ISO/IEC 17799 certification is not necessarily the ultimate target if the organization so chooses. The ASD framework supports auditing against the organization’s own baseline, which might not be compliant with existing standards and industry-defined best practices. Process improvement is achieved here through verifying the company’s ISMS so that it fulfills the requirements the company has set by doing a risk analysis to identify weak spots within the system.

AB - This paper discusses the practical implementation of the Agile Security Development (ASD framework and presents a case study that reviews the process of building an information security management system utilizing the framework. The case study reveals the action steps for a small and medium-sized organization to utilize the method. The ASD framework and its output is fully ISO/IEC17799 compliant but takes the organization’s actual management systems into account, so that ISO/IEC 17799 certification is not necessarily the ultimate target if the organization so chooses. The ASD framework supports auditing against the organization’s own baseline, which might not be compliant with existing standards and industry-defined best practices. Process improvement is achieved here through verifying the company’s ISMS so that it fulfills the requirements the company has set by doing a risk analysis to identify weak spots within the system.

M3 - Conference article in proceedings

BT - IAEA Technical Meeting on Cyber Security of Nuclear Power Plant Instrumentation, Control, and Information Systems

PB - International Atomic Energy Agency IAEA

T2 - IAEA Technical Meeting on Cyber Security of Nuclear Power Plant Instrumentation, Control, and Information Systems

Y2 - 17 October 2006 through 20 October 2006

ER -

Practical implementation of ISO 17799 compliant information security management system using novel ASD method

Abstract

Conference

UN SDGs

Fingerprint

Cite this