Evaluating the Effectiveness of ISO 27001: 2013 Based on Annex A

@article{Shojaie2014EvaluatingTE,
  title={Evaluating the Effectiveness of ISO 27001: 2013 Based on Annex A},
  author={Bahareh Shojaie and Hannes Federrath and Iman Saberi},
  journal={2014 Ninth International Conference on Availability, Reliability and Security},
  year={2014},
  pages={259-264}
}
The part of the management system of an organization dealing with information security is called an Information Security Management System (ISMS). The most adopted ISMS standard is ISO 27001:2005. The 2005 version of the standard was updated in 2013 to provide more clarity and more freedom in implementation, based on practical experiences. This paper compares ISO 27001:2005 and the updated 2013 standard, based on Annex A controls. We classify the controls into five categories of data…

Citations

Publications citing this paper.

The assessment of information security management process capability using ISO/IEC 33072:2016 (Case study in Statistics Indonesia)

  • 2016 International Conference on Information Technology Systems and Innovation (ICITSI)
  • 2016

The Effects of Cultural Dimensions on the Development of an ISMS Based on the ISO 27001

  • 2015 10th International Conference on Availability, Reliability and Security
  • 2015