
dc.contributor.author: Beckers, Kristian
dc.contributor.author: Heisel, Maritta
dc.contributor.author: Solhaug, Bjørnar
dc.contributor.author: Stølen, Ketil
dc.date.accessioned: 2017-02-28T11:07:32Z
dc.date.available: 2017-02-28T11:07:32Z
dc.date.created: 2016-02-24T11:07:01Z
dc.date.issued: 2013
dc.identifier.isbn: 9788214053388
dc.identifier.uri: http://hdl.handle.net/11250/2432316
dc.description.abstract: Realizing security and risk management standards may be challenging, partly because the descriptions of what to realize are often generic and have to be refined by security experts. Removing this ambiguity is time intensive for security experts, because the experts have to interpret all the required tasks in the standard on their own. In our previous work we showed how to use security requirements engineering methods for the development and documentation of the ISO 27001 security standard. In this paper we (i) create an extension of the CORAS methodology for risk management that supports the ISO 27001 standard, (ii) validate the method via comparing its resulting artifacts to the artifacts of an industrial ISO 27001 application, and (iii) discuss the advantages of our method compared to the industrial state-of-the-art. We apply our method to a smart grid scenario provided by the industrial partners of the NESSoS project. Client: European Commission
dc.language.iso: eng [nb_NO]
dc.publisher: SINTEF [nb_NO]
dc.relation.ispartof: SINTEF Rapport
dc.relation.ispartofseries: SINTEF Rapport;
dc.title: ISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System [nb_NO]
dc.type: Research report [nb_NO]
dc.source.pagenumber: 69 [nb_NO]
dc.source.issue: A25626 [nb_NO]
dc.identifier.cristin: 1339537
dc.relation.project: Stiftelsen SINTEF: 102002252 [nb_NO]
cristin.unitcode: 7401,90,12,0
cristin.unitname: Nettbaserte systemer og tjenester
cristin.ispublished: true
cristin.fulltext: original

