Using ISO 17799: 2005 information security management: a STOPE view with six sigma approach
Author(s) - Saleh Mohammad Saad, Alrabiah Abdullah, Bakry Saad Haj
Publication year - 2006
Publication title - International Journal of Network Management
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.373
H-Index - 28
eISSN - 1099-1190
pISSN - 1055-7148
DOI - 10.1002/nem.616
Subject(s) - dmaic, six sigma, computer science, measure (data warehouse), design for six sigma, work (physics), information security management system, control (management), process management, information security, engineering management, risk analysis (engineering), computer security, data mining, security information and event management, manufacturing engineering, business, engineering, mechanical engineering, cloud computing, operating system, lean manufacturing, artificial intelligence, cloud computing security
This paper is concerned with supporting the use of the ISO 17799: 2005 information security management standard for the purpose of providing a ‘common safe environment’ for information services. The paper introduces a STOPE view of the standard, integrating its parts and protection measures around the basic domains of ‘strategy, technology, organization, people, and environment’. The paper also presents an approach for the application of the standard, considering the STOPE view, in a way that emphasizes continuous improvement. The phases of the approach are based on the phases of the six sigma DMAIC approach of ‘define, measure, analyze, improve, and control’; the team proposed for the implementation of the work is also based on six sigma principles. The paper concludes with some suggestions for future related and needed work. Copyright © 2006 John Wiley & Sons, Ltd.
