EconPapers    

An ISO 27001 compliance project for a cyber security service team

Moh Cissé
Additional contact information
Moh Cissé: CEO, M6C StrategIT, Canada

Cyber Security: A Peer-Reviewed Journal, 2019, vol. 2, issue 4, 346-359

Abstract: The ISO 27001 standard from the ISO/IEC 27000 family is a well-known reference framework for information security management. It defines and details the controls and processes required for compliance with recognised security practices, and it gives companies guidance and tools to protect their technological environment and their information against security breaches, thereby also increasing the trust of their customers. Being ISO 27001 compliant provides a real competitive advantage and is even a requirement in some RFP tenders. Compliance with ISO 27001, or with an equivalent governance framework such as COBIT, is not a luxury for certain companies, especially those offering cyber security services. It has become a must for working with clients that face specific regulatory and legal constraints, such as PCI DSS and SOX for banking environments, or SOC 1, SOC 2 and NERC for companies operating operational technology (OT) (SCADA/ICS) environments in North America. This paper puts forth a practical use case inspired by a real project initiated to reinforce the security governance framework of a major IT company (Bell Multi Services [Bell MS]) offering cyber security services to financial firms and OT (SCADA/ICS) companies. To avoid advertising, and to avoid unintentionally revealing confidential information, some details that are too specific and not relevant to this paper have been removed. The security and compliance programme executed for this company is identified by a fictitious name, the SecurePhoenix programme. The objective of this programme was to raise the level of the security services (risk management, logging and monitoring management, incident management, vulnerability management, identity and access management, etc.) that the Bell Canada Multi Services security team offers to multiple clients (referred to here by the fictitious name Bell Security Operational Center [Bell SOC]).
A year after SecurePhoenix launched all of its projects, the triad parameters (budget, time, quality) were all in the red. Bell Canada, or more specifically Bell MS, therefore hired the author's company for its project management, audit and cyber security expertise to bring the programme back on track.

Keywords: ISO 27001; audit; PMP; cybersecurity; compliance; WBS; KRI; KPI; GRC
JEL-codes: M15
Date: 2019

Downloads: (external link)
https://hstalks.com/article/2564/download/ (application/pdf)
https://hstalks.com/article/2564/ (text/html)
Requires a paid subscription for full access.



Persistent link: https://EconPapers.repec.org/RePEc:aza:csj000:y:2019:v:2:i:4:p:346-359


More articles in Cyber Security: A Peer-Reviewed Journal from Henry Stewart Publications
Bibliographic data for this series is maintained by Henry Stewart Talks.

Page updated 2025-03-19
Handle: RePEc:aza:csj000:y:2019:v:2:i:4:p:346-359