Portal de Periódicos da CAPES

Using the Bell Labs security framework to enhance the ISO 17799/27001 information security management system

2007; Wiley; Volume: 12; Issue: 3 Linguagem: Inglês

10.1002/bltj.20248

1538-7305

Andrew R. McGee, Frank A. Bastry, Uma Chandrashekhar, S. Rao Vasireddy, Lori A. Flynn,

Information and Cyber Security

The global information technology (IT) industry recognizes the need for standards to improve the quality and consistency of security for IT products and services. As such, the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27000 series is focusing on the requirements, security controls, and implementation guidance for an organization's information security management system (ISMS). This guidance establishes general principles that can be used in various industries and government; however, standardized techniques are also needed to identify, implement, and operate security controls as part of the ISMS life cycle. The Bell Labs Security Framework identifies both the minimal and differentiating security controls by decomposing an IT product or service into a layered hierarchy of equipment and facilities groupings and examining the types of activities that occur at each layer in a standardized manner. Furthermore, the Bell Labs Security Framework security dimensions provide the necessary mechanisms to implement and operate the selected controls. The Bell Labs Security Framework enhances the ISO/IEC 27000 series by providing a comprehensive end-to-end approach to implementing IT security. © 2007 Alcatel-Lucent.