Managing information security complexity

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University

Faculty

Faculty of Computing, Health and Science

School

School of Computer and Information Science

RAS ID

5349

Comments

Brand, M. (2006, December). Managing Information Security Complexity. In Australian Information Security Management Conference (p. 66).

Abstract

This paper examines using a requirements management tool as a common thread for managing the complexity of information security systems. Requirements management provides a mechanism to trace requirements through to design, implementation, operating, monitoring, reviewing, testing, and reporting by creating links to associated, critical artefacts. This is instrumental in managing complex and dynamic systems where change can impact other subsystems and associated documentation. It helps to identify the affected artefacts through many layers. Benefits of this approach would include better project planning and management, improved risk management, superior change management, ease of reuse, enhanced quality control and more effective acceptance testing. It would also improve the ability to audit, especially at a time when outsourcing of security functions is occurring throughout the world. ISO 27001:2006 provides a model for the implementation of an Information Security Management System (ISMS) that can be tailored by an organization. It is proposed that employment of a requirements management tool could manage the traceability aspects of an ISMS.

DOI

10.4225/75/57b6562e34766

Access Rights

free_to_read
