Abstract
This paper proposes an evaluation methodology for information security management systems (ISMS) that considers the technical, managerial, and operational aspects of information security. The methodology comprises evaluation indices, a process, and a maturity model. We also provide a case study to demonstrate its practical value. The methodology could be used effectively to analyze and evaluate the ISMS of various enterprises.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Leem, C.S., Kim, S., Lee, H.J. (2005). Assessment Methodology on Maturity Level of ISMS. In: Khosla, R., Howlett, R.J., Jain, L.C. (eds) Knowledge-Based Intelligent Information and Engineering Systems. KES 2005. Lecture Notes in Computer Science, vol 3683. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11553939_87
DOI: https://doi.org/10.1007/11553939_87
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28896-1
Online ISBN: 978-3-540-31990-0
eBook Packages: Computer Science, Computer Science (R0)