An ISO 27001 compliant information security management system is difficult to create, due to the limited support for system development and documentation provided in the standard. We present a structured analysis of the documentation and development requirements in the ISO 27001 standard. Moreover, we investigate to what extent existing security requirements engineering approaches fulfill these requirements. We developed relations between these approaches and the ISO 27001 standard using a conceptual framework originally developed for comparing security requirements engineering methods. The relations include comparisons of important terms, techniques, and documentation artifacts. In addition, we show practical applications of our results.
Date of Conference: 20-24 Aug. 2012