Engineering secure systems with ISO 26702 and 27001

2010 5th International Conference on System of Systems Engineering, SoSE 2010

Volumn , Issue , 2010, Pages

  Evans, Rhys ^a   Tsohou, Aggeliki ^b   Tryfonas, Theo ^a   Morgan, Thea ^a  

^a UNIVERSITY OF BRISTOL   (United Kingdom)

^b UNIVERSITY OF THE AEGEAN   (Greece)

Author keywords

Security engineering; Standards

Indexed keywords

AREAS OF CONCERNS; COMPETITIVE ADVANTAGE; CONTRACTUAL RELATIONSHIPS; GLOBAL SECURITY; GOOD PRACTICES; ISO/IEC; SEAMLESS INTEGRATION; SECURE SYSTEM; SECURITY ENGINEERING; STANDARDISATION; SYSTEM ENGINEERS; SYSTEMS ENGINEERS; TECHNOLOGY DEVELOPMENT;

COMPETITION; ENGINEERS; REGULATORY COMPLIANCE; SECURITY OF DATA; SECURITY SYSTEMS; SYSTEMS ENGINEERING; TECHNOLOGICAL FORECASTING;

STANDARDS;

EID: 77956603862     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/SYSOSE.2010.5544065     Document Type: Conference Paper

References (26)

1. J.M. Tien and D. Berg. A case for service systems engineering. In Journal of systems science and systems engineering, volume 12 No. 1, pages 13-38, 2003.
2. Baskerville, R. Information Systems Security Design Methods: Implications for Information Systems Development. ACM Computing Surveys, 25(4), pp. 375-414, 1993.
3. BSI (2003) IT Baseline Protection Manual. Bundesamt fur Sicherheit in der Informationstechnik (Institute for Security in Information Technologies), material on the web site http://www.bsi.bund.de/english/gshb/index.htm. accessed May 2005.
4. CRAMM. CCTA Risk Analysis & Management Method v5.0, material on the web site www.cramm.com, accessed May 2005.
5. Katsikas, S. (1995) Risk Management in Information Systems. In Information Security: Technical, Legal and Social Issues by Alexandris, Kiountouzis & Trapezanoglou, published by the Greek Computer Society.
6. Irvine, C.E. et al. (2002) An Approach to Security Requirements Engineering for a High Assurance System. Requirements Engineering, 7, 192-206.
7. Wood, C.C. (1995) Shifting IS Security Responsibility from User Organisations to Vendor/Publisher Organisations. Computers & Security, 14, pp. 283-284.
8. Siponen, M. (2003) New directions on IS security methods: The process view. In: Security and Privacy in the Age of Uncertainty, Gritzalis, D. et al. (eds.), Kluwer Academic Publishers, 325-336.
9. Baskerville, R (1988) Designing Information Systems Security, Wiley publications.
10. McDermott, J. & Fox, C. Using abuse case models for security requirements. In: Proceedings of the 15th Annual Computer Security Applications Conference (ACSAC), 1999.
11. Downs, E., Clare, P. and Coe, I. SSADM: Application and Context, Prentice Hall, 1992.
12. Warren, M.J. & Batten, L.M. Security Management: An Information System Setting. In: Proceedings of the ACISP 2002 Conference, Batten, L., Seberry, J. (eds.), Springer-Verlag LNCS 2384, 257-270, 2002.
13. Evertsson, U, Orthberg, U. & Yngström, L. Integrating Security into Systems Development. In: Security and Privacy in the Age of Uncertainty, Gritzalis, D. et al. (eds.), Kluwer Academic Publishers, 313-324,2003.
14. Hitchings, J. Achieving an Integrated Design: The Way Forward for Information Security. In: Information Security - the next decade, Ellof, J. and von Solms, S. (eds), pp. 369-383, Chapman & Hall, 1995.
15. Checkland, P. (1981) Systems thinking, systems practice, Wiley Publications.
16. SBA (2005) IT Security By Analysis, material on the web site http://www.dfs.se/products/sbaeng/. accessed May 2005.
17. Vermeulen. C., and Von Solms. R. (2002) The information security management toolbox - taking the pain out of security management. Information Management & Computer Security, 10 (3), 119-125.
18. Kajava, J. et al (2006) Information security standards and global business: Proceedings of International Conference on Industrial Technology (ICIT 2006), December 15-17, Mumbai, India, p. 2091-2095.
19. ISO/IEC 26702. Systems engineering - application and management of the systems engineering process. Technical report, International Standards Organisation, 2007.
20. Sheard, S. A. and Lake, J. G, 1998, Systems Engineering Standards and Models Compared, Proceedings of 8th Symposium of INCOSE, Vancouver, Columbia.
21. Doran, T (2005) IEEE 1220: For Practical Systems Engineering. Computer May 2006 (vol. 39 no. 5).
22. Altomare, P M, (1996) Implementing systems engineering into an ongoing programme American Society of Mechanical Engineers, Dynamic Systems and Control Division, v 60, p 77-79, Engineering Systems
23. BERR. (2008) Information Security Breaches Survey, technical report. Price Water House Coopers, in association with Symantec, HP and The Security Company. Available from: http://www.security-survey.gov.uk [Accessed 8th February 2010].
24. ISO/IEC 27001. Information technology - security techniques - information security management systems - requirements. Technical report, International Standards Organisation
25. Ernst & Young. (2008) Global Information Security Survey: Moving beyond compliance. Ernst & Young. Available from: http://www.ey.com [Accessed 8th February 2010]
26. The ISO Survey of Certifications. (2008) ISO Central Secretariat. Available from: http://www.onac.org.co/portaVimages/stories/ISO-Survey2008.pdf [Accessed 8th February 2010].