DEVELOPING AN EVALUATION FRAMEWORK FOR INFORMATION SYSTEM SECURITY VIA ISO 17799 MODEL

A Zaied
2012 Egyptian Journal for Engineering Sciences and Technology  
Information system security (ISS) plays an important role in protecting the assets of an organization. The functioning of modern organizations is increasingly reliant on computers and global networks. In such organizations, ISS aims at ensuring the confidentiality, integrity, and availability of information. Organizations therefore need practical security benchmarking tools in order to plan effective security strategies. Evaluating information systems security is a process which involves ... gathering, and analyzing security functionality and assurance level against certain standards. This can result in a measure of trust that indicates how well the system meets a particular security target. This paper attempts to provide an interpretation of ISO/IEC 17799:2005 (ISO/IEC 27002) applications by adapting an evaluation framework for the organization's information system security level. An empirical study is performed to aid in validating the framework used. The results show that the framework helps decision makers decide the priorities and courses of action that should be taken to improve the organization's security maturity level.
doi:10.21608/eijest.2012.96725 fatcat:vhrikok7sjhzlkw67bciqckbpi