Internet Archive Scholar

Navigating the Information Security Landscape: Mapping the Relationship Between ISO 15408: 1999 and ISO 17799: 2000

Cynthia Hoxey, Daniel Shoemaker
2005 Americas Conference on Information Systems  

Preserved Fulltext

fulltext thumbnail
Web Archive Capture PDF (246.3 kB)
https://web.archive.org/web/20200321135230/https://aisel.aisnet.org/cgi/viewcontent.cgi?referer=&httpsredir=1&article=1988&context=amcis2005

A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2020; you can also visit the original URL. The file type is application/pdf.

It is crucial for corporations operating in a multinational economy to have a seamless understanding of the security process. For information assurance, ISO 15408:1999 (i.e. Common Criteria) and ISO 17799:2000 are the key standards, both of which are needed for implementing a global approach to security. They provide a definition of the necessary elements of the process as well as the basis for authoritative certification. However, the standards are entirely different in focus. The former is
more » ... duct-oriented while the latter is strategic and organizational. That divergence is an obstacle to creating secure enterprises and it causes disagreement about the meaning and value of the certifications. Mapping the relationship between ISO 15408 and ISO 17799 demonstrates their strengths and weaknesses and encourages organizations to use these standards effectively. The results of our study indicate that while there are overlaps between these two standards, there are also significant gaps.
dblp:conf/amcis/HoxeyS05 fatcat:pjhp4kafwbcgzpoyit7zd4omde
Citation

Cynthia Hoxey, Daniel Shoemaker. "Navigating the Information Security Landscape: Mapping the Relationship Between ISO 15408: 1999 and ISO 17799: 2000." Americas Conference on Information Systems (2005) 448