Towards Automation in Information Security Management Systems
Title | Towards Automation in Information Security Management Systems |
Publication Type | Conference Paper |
Year of Publication | 2017 |
Authors | Brunner, M., Sillaber, C., Breu, R. |
Conference Name | 2017 IEEE International Conference on Software Quality, Reliability and Security (QRS) |
ISBN Number | 978-1-5386-0592-9 |
Keywords | ADAMANT, automated process execution, Automation, context-aware ISMS, continuous risk-driven ISMS, data protection, highly interconnected information security management, Human Behavior, human factors, information protection, Information security, Information Security Management System, information security management systems, Information Security Risk Management, Information systems, ISMS related activities, ISO 27001 compliant ISMS, Metrics, Process Automation, pubcrawl, Resiliency, risk management, Scalability, security controls automation, security of data, security requirements, small and medium-sized enterprises, small-to-medium enterprises, Stakeholders, Standards, Tools, ubiquitous computing, Ubiquitous Computing Security, workflow enactment |
Abstract | Establishing and operating an Information Security Management System (ISMS) to protect information values and information systems is in itself a challenge for larger enterprises and small and medium sized businesses alike. A high level of automation is required to reduce operational efforts to an acceptable level when implementing an ISMS. In this paper we present the ADAMANT framework to increase automation in information security management as a whole by establishing a continuous risk-driven and context-aware ISMS that not only automates security controls but considers all highly interconnected information security management tasks. We further illustrate how ADAMANT is suited to establish an ISO 27001 compliant ISMS for small and medium-sized enterprises and how not only the monitoring of security controls but a majority of ISMS related activities can be supported through automated process execution and workflow enactment. |
URL | http://ieeexplore.ieee.org/document/8009919/ |
DOI | 10.1109/QRS.2017.26 |
Citation Key | brunner_towards_2017 |