Authors
Kristian Beckers, Isabelle Côté, Stephan Faßbender, Maritta Heisel, Stefan Hofbauer
Publication date
2013/11
Journal
Requirements Engineering
Volume
18
Pages
343-395
Publisher
Springer London
Description
Assembling an information security management system (ISMS) according to the ISO 27001 standard is difficult, because the standard provides only very sparse support for system development and documentation. Assembling an ISMS consists of several difficult tasks, e.g., asset identification, threat and risk analysis and security reasoning. Moreover, the standard demands consideration of laws and regulations, as well as privacy concerns. These demands present multi-disciplinary challenges for security engineers. Cloud computing provides scalable IT resources and the challenges of establishing an ISMS increase, because of the significant number of stakeholders and technologies involved and the distribution of clouds among many countries. We analyzed the ISO 27001 demands for these multi-disciplinary challenges and cloud computing systems. Based on these insights, we provide a method that …
Total citations
[Chart: citations per year, 2013 to 2024]