Skip to Main Content

IEEE.org| IEEE Xplore Digital Library| IEEE Standards| IEEE Spectrum| More Sites

Cart (Loading....) | Create Account | Sign In

Author Search^beta | Advanced Search | Preferences | | More Search Options

Browse Conference Publications > Availability, Reliability and ...

Using Security Requirements Engineering Approaches to Support ISO 27001 Information Security Management Systems Development and Documentation

Full Text Sign-In or Purchase

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Username

Password

Purchase PDF
Other Formats

Formats	Non-Member	Member
PDF	$31	$13

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

Already Purchased? View Article
Subscription Options Learn More

4 Author(s)

Beckers, K. ; Paluno - The Ruhr Inst. for Software Technol., Univ. of Duisburg-Essen, Duisburg, Germany ; Fassbender, S. ; Heisel, M. ; Schmidt, H.

An ISO 27001 compliant information security management system is difficult to create, due to the the limited support for system development and documentation provided in the standard. We present a structured analysis of the documentation and development requirements in the ISO 27001 standard. Moreover, we investigate to what extent existing security requirements engineering approaches fulfill these requirements. We developed relations between these approaches and the ISO 27001 standard using a conceptual framework originally developed for comparing security requirements engineering methods. The relations include comparisons of important terms, techniques, and documentation artifacts. In addition, we show practical applications of our results.

Published in:
Availability, Reliability and Security (ARES), 2012 Seventh International Conference on

Date of Conference: 20-24 Aug. 2012

Page(s):: 242 - 248
Print ISBN:: 978-1-4673-2244-7
INSPEC Accession Number:: 13059588

Conference Location :: Prague
Digital Object Identifier :: 10.1109/ARES.2012.35
Product Type:: Conference Publications

Author(s)

Beckers, K.
Paluno - The Ruhr Inst. for Software Technol., Univ. of Duisburg-Essen, Duisburg, Germany
Fassbender, S. ; Heisel, M. ; Schmidt, H.

INSPEC: CONTROLLED INDEXING

ISO standards

formal specification

formal verification

security of data

system documentation

INSPEC: NON CONTROLLED INDEXING

ISO 27001 standard

conceptual framework

development requirements

documentation artifacts

documentation requirements

information security management system development

security requirements engineering approach

structured analysis

system documentation

AUTHOR KEYWORDS

ISO27000

ISO27001

compliance

requirements engineering

security

security standards

IEEE TERMS

Documentation

ISO standards

Organizations

Risk management

Security

Standards organizations

Referenced Items are not available for this document.

No versions found for this document.

Standards Dictionary Terms are available to subscribers only.

| Create Account

IEEE Account

Purchase Details

Profile Information

Need Help?

US & Canada: +1 800 678 4333
Worldwide: +1 732 981 0060
Contact & Support

IEEE Advancing Technology for Humanity

About IEEE Xplore | Contact | Help | Terms of Use | Nondiscrimination Policy | Site Map | Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest professional association for the advancement of technology.
© Copyright 2013 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.