The proposal of software development and acquisition metrics based on ISO/IEC 27001 standard
Ladislav Beránek and Radim Remeš
Ladislav Beránek: University of South Bohemia in České Budějovice
Radim Remeš: University of South Bohemia in České Budějovice
Acta Universitatis Bohemiae Meridionalis, 2009, vol. 12, issue 3, 93-98
Abstract:
The implementation and operation of an efficient information security management system (ISMS) according to the ISO/IEC 27001 standard involves a number of steps, among them the implementation and operation of appropriate processes, policies and objectives. The crucial issue is the correct definition of the metrics used to measure the effectiveness of the established processes and controls. The paper describes some practical metrics for reviewing ISMS processes, but primarily deals with the metrics for the security category "Security in development and support processes" from the security control clause "Information systems acquisition, development and maintenance processes" (ISO/IEC 27001, ISO/IEC 27002). Judged by the authors' research and experience, organizations often concentrate mainly on the other security categories of that clause (Correct processing in applications, Cryptographic controls, Security of system files). The aim of this paper is to refocus attention on the necessity of defining appropriate metrics for all processes (controls) corresponding to the "Information systems acquisition, development and maintenance" security clause.
Keywords: Security metrics; information security; ISO 27001; ISMS; software development
Date: 2009
Downloads (free of charge):
http://acta.ef.jcu.cz/doi/10.32725/acta.2009.044.html (text/html)
http://acta.ef.jcu.cz/doi/10.32725/acta.2009.044.pdf (application/pdf)
Persistent link: https://EconPapers.repec.org/RePEc:boh:actaub:v:12:y:2009:i:3:p:93-98
DOI: 10.32725/acta.2009.044
Acta Universitatis Bohemiae Meridionalis is currently edited by Tereza Šťástková
Published by the University of South Bohemia in České Budějovice, Faculty of Economics.