Visible to the public Towards Automation in Information Security Management Systems

TitleTowards Automation in Information Security Management Systems
Publication TypeConference Paper
Year of Publication2017
AuthorsBrunner, M., Sillaber, C., Breu, R.
Conference Name2017 IEEE International Conference on Software Quality, Reliability and Security (QRS)
KeywordsADAMANT, automated process execution, Automation, context-aware ISMS, continuous risk-driven ISMS, data protection, highly interconnected information security management, Human Behavior, human factors, information protection, Information security, Information Security Management System, information security management systems, Information Security Risk Management, Information systems, ISMS related activities, ISO 27001 compliant ISMS, Metrics, Process Automation, pubcrawl, Resiliency, risk management, Scalability, security controls automation, security of data, security requirements, small and medium-sized enterprises, small-to-medium enterprises, Stakeholders, Standards, Tools, ubiquitous computing, Ubiquitous Computing Security, workflow enactment

Establishing and operating an Information Security Management System (ISMS) to protect information values and information systems is in itself a challenge for larger enterprises and small and medium sized businesses alike. A high level of automation is required to reduce operational efforts to an acceptable level when implementing an ISMS. In this paper we present the ADAMANT framework to increase automation in information security management as a whole by establishing a continuous risk-driven and context-aware ISMS that not only automates security controls but considers all highly interconnected information security management tasks. We further illustrate how ADAMANT is suited to establish an ISO 27001 compliant ISMS for small and medium-sized enterprises and how not only the monitoring of security controls but a majority of ISMS related activities can be supported through automated process execution and workflow enactment.

Citation Keybrunner_towards_2017