Information Security Integral Engineering Technique and its Application in ISMS Design

Abstract

This paper proposes a technique for the design and implementation of the information security management system (ISMS) for small and medium enterprises (SMEs). The technique is based on ISO 27001 standard ISMS requirements object model. The model was designed using methods and tools of the information security integral engineering (ISIE) framework, so the first part of the paper also briefly describes some features, components and engineering methods within the ISIE framework, which are important in practical applications but were presented insufficiently or were not presented at all in the previous papers. Along with the description of a general ISMS design and implementation method, the paper provides an example of the application of this method to design ISMS for city medium telecommunication SME. The paper also gives the evaluation of the technique's efficiency.