Framework to implement information security management systems: An asset to project management processes

Abstract

This article shows how the creation of a quality framework, composed by processes to implement an information security management system (ISMS), provides a methodological approach and assets that can be used in project management processes. The content of this framework meets the requirements suggested by the standard ISO/IEC 27001 for implementing an ISMS and they were systematized by means of the SPEM 2.0 meta-model and the Eclipse Process Framework Composer software. The results show how it is possible to derive benefits for the project management processes recommended by the Management Institute Project Management (PMI) and also offers benefits in terms of quality. Besides it provides a systematic approach that can be replicated to comprise knowledge in project management methodology.