A Best Practice Approach for Integration of ITIL and ISO/IEC 27001 Services for Information Security Management
This paper explores the role of information security management within ITIL service management and how ITIL and ISO/IEC 27001 are aligned and can work together to improve information security management.
Keywords
Information Security Management, Integration, Organization, ITIL, ISO/IEC 27001, Best Practice