Doctoral thesis
Development of ISMEE : An Information Security Management Engineering Environment
Access restricted to National Diet Library premises
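- National Diet Library persistent identifier
- info:ndljp/pid/9506311
Note on use at the National Diet Library
The full text of this material may be freely available from the website of the degree-granting institution linked under the source publication (URI), or from CiNii Dissertations.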
Re-harvested 2023-09-04
Holdings at other institutions: Saitama University Academic Information Repository (SUCRA), linked through the Institutional Repositories DataBase (IRDB).
Bibliographic information
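- Material type
- Doctoral thesis
- Author / editor
- Ahmad, Iqbal Hakim bin Suhaimi
- Publication date
- 2014
- Publication year (W3CDTF)
- 2014
- Parallel title
- 情報セキュリティマネジメント工学環境ISMEEの開発
- Title (source publication)
- Doctoral thesis (Saitama University Graduate School of Science and Engineering, doctoral program)
- Degree-granting institution
- Saitama University
- Date conferred
- 2014-09-19
- Date conferred (W3CDTF)
- 2014-09-19
- Report number
- 甲第962号
- Degree
- Ph.D. (博士(学術))
- Thesis degree number
- 甲第962号
- Language code of the text
- eng
- Intended audience
- General
- General note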
- Nowadays, as information becomes one of the most important and critical assets in an organization’s business operations, it has become essential for any organization to adopt a proper management system that can enable them to manage their information securely. Up to the present time, many organizations have adopted Information Security Management Systems, ISMSs, for this reason. An ISMS is a systematic management system that encompasses management of humans, processes, and technologies in order to establish, implement, operate, monitor, review, maintain, and optimize information to preserve confidentiality, integrity, and availability of information.

  However, organizations face many issues in establishing, implementing, and maintaining ISMSs because an ISMS is a complex management system that requires the involvement of a wide range of participants with different kinds of roles and responsibilities to perform various tasks as well as managing a number of documents. Performing all tasks from establishment to optimization of an ISMS is tedious and requires high commitment from all levels of participants. Furthermore, because threats and vulnerabilities are found day by day, organizations are also required to periodically review and maintain their ISMS to achieve continuous improvement of the ISMS. Moreover, because various participants perform various tasks in an ISMS at different times and places, the participants tend to perform tasks based on improper methods depending on situations, or on different approaches according to their own experiences. Consequently, it is difficult for an organization to develop a good and effective ISMS without support tools.

  Therefore, organizations with ISMSs demand tools that can provide them with comprehensive facilities to perform all tasks in an ISMS consistently and continuously. An engineering environment that integrates various collaborative support tools is indispensable in order to provide such organizations with comprehensive facilities to perform tasks in an ISMS.

  There is no environment that provides comprehensive facilities for organizations with ISMSs. Although there have been some software tools to support organizations in managing information security, the support is partial and tends to concentrate on specific scopes in information security. It does not take into consideration all tasks in an ISMS or all levels of participants in an organization. There are no tools for helping organizations to develop an ISMS in a complete manner. Therefore, organizations with an ISMS need support that can provide them with comprehensive facilities to perform all tasks in ISMSs.

  This thesis presents the development of an information security management engineering environment, named “ISMEE”, which is an engineering environment for supporting organizations with ISMSs. ISMEE integrates various support tools to enable all levels of participants to perform all tasks in preparation, establishment, implementation, operation, monitoring, review, improvement, optimization, and abolishment of an ISMS consistently and continuously, based on the ISMS international standards, the ISO/IEC 27000 series. The ISO/IEC 27000 series is a series of international standards for ISMS that provides best-practice recommendations on information security management. This thesis presents a business analysis of ISMS, the basic idea for supporting ISMS with ISMEE, its requirements, design, prototype implementation, and evaluation.

  We performed a business analysis of ISMS to identify the current issues encountered by organizations while developing ISMSs, and their root causes. We also analyzed all tasks, participants, and documents in ISMS to identify which parts of an ISMS can be supported by software tools.

  The basic idea of developing ISMEE is to provide all levels of participants in an organization with comprehensive facilities to perform all tasks from preparation to abolishment of an ISMS continuously and consistently according to the ISMS international standards, the ISO/IEC 27000 series. In order for ISMEE to provide comprehensive facilities for all levels of participants in an organization, ISMEE should support all tasks from preparation to abolishment of an ISMS according to appropriate information sharing among all participants and based on various versions of the ISO/IEC 27000 series. ISMEE should also support various participants in performing tasks in a correct sequence and according to a systematic method.

  The components of ISMEE consist of a central database system, named ISMDS (An Information Security Management Database System), and a series of support tools. ISMDS is a meta-database system that manages several databases of various versions and translations of standards in the ISO/IEC 27000 series and ISMS documents. As the core component of ISMEE, ISMDS plays important roles in managing common data shared by all users, providing necessary data for support tools, and providing a platform for the integration of the support tools in ISMEE. The support tools integrated in ISMEE are a series of support tools based on the ISO/IEC 27000 series for supporting various participants in an organization in performing their tasks in an ISMS according to their responsibilities. The support tools cooperate with each other to provide organizations with comprehensive facilities to perform various tasks in preparation, establishment, implementation, operation, monitoring, review, improvement, optimization, and abolishment of an ISMS.

  The prototype implementation of ISMEE focuses on the development of tools for supporting participants in performing tasks related to preparation, establishment, implementation, monitoring, review, revision, and disposal of policy documents in an ISMS. It is of utmost importance to provide support from preparation to disposal of the documents because policies are the most important documents in an ISMS and are the central focus of every activity in an organization’s ISMS. We have implemented ISMDS, a security policy document creator tool, a procedure document creator tool, and a general-purpose measurement and monitor tool.

  We then evaluated the usefulness of ISMEE. We proposed an evaluation method to show the usefulness of ISMEE and evaluated ISMEE at the design level and the implementation level based on the method. We then discussed how ISMEE is capable and useful in providing organizations with comprehensive facilities to perform all tasks in an ISMS consistently and continuously based on the ISO/IEC 27000 series. In addition, through usage of the prototype of ISMEE and the feedback gathered, we investigated to what extent the prototype can help organizations address problems while performing tasks in an ISMS. We also investigated and elaborated how the approaches taken can be applied while implementing the other remaining components of ISMEE for supporting all levels of participants in performing all tasks from preparation to abolishment of an ISMS.

  This thesis is organized as follows. Chapter 1 presents the background, motivation, and purpose of this research. Chapter 2 gives explanations about ISMS and the ISO/IEC 27000 series. Chapter 3 provides an analysis of tasks, participants, and documents in ISMS, and identification of software supportable tasks in ISMS. Chapter 4 presents a series of support tools for software supportable tasks in ISMS. Chapter 5 presents ISMDS, an Information Security Management Database System. Chapter 6 presents ISMEE, an Information Security Management Engineering Environment. Chapter 7 presents an evaluation of ISMEE, and conclusions are given in Chapter 8.

  Table of contents:

  Abstract
  Acknowledgements
  List of figures
  List of tables
  1 Introduction
    1.1 Background
    1.2 Related Works
    1.3 Purpose and Objectives
    1.4 Structure of This Thesis
  2 Information Security Management System
    2.1 ISMS
    2.2 ISO/IEC 27000 Series Standards
    2.3 ISMS Certification
  3 An Analysis of Software Supportable Tasks in ISMS
    3.1 Overview
    3.2 ISMS Life Cycle Processes
    3.3 Participants and Responsibilities in ISMS
    3.4 Documents in ISMS
    3.5 Phases, Processes, and Tasks in ISMS
    3.6 Relationships among Participants, Phases, Processes, Tasks, and Documents
    3.7 Issues in ISMS
    3.8 Software Supportable Tasks in ISMS
    3.9 Concluding Remarks
  4 A Series of Support Tools for Software Supportable Tasks in ISMS
    4.1 Overview
    4.2 Requirements Analysis of Support Tools
    4.3 A Series of Support Tools
    4.4 Concluding Remarks
  5 An Information Security Management Database System (ISMDS)
    5.1 Overview
    5.2 Usages of ISO/IEC 27000 Series and ISMS Documents
    5.3 Requirements Analysis of ISMDS
    5.4 Data Model for ISO/IEC 27000 Series and ISMS Documents
    5.5 Design and Implementation
    5.6 Use Cases
      5.6.1 Data Retrieval from Various Standards
      5.6.2 Comparison between Different Versions of Standards
      5.6.3 Comparison between Different Translations of Standards
      5.6.4 Retrieval of terms and definitions
    5.7 Usefulness of ISMDS
    5.8 Concluding Remarks
  6 An Information Security Management Engineering Environment (ISMEE)
    6.1 Overview
    6.2 ISMEE
    6.3 Requirements Analysis
    6.4 Design
    6.5 Implementation
    6.6 Prototype Implementation
    6.7 Use Cases
      6.7.1 Generation of Templates for ISMS Documents
      6.7.2 Revision of ISMS Documents
      6.7.3 Translations of ISMS Documents
      6.7.4 Verification of ISMS Documents
      6.7.5 Operation Control for Documentation
      6.7.6 Systematic Management of ISMS Documents
      6.7.7 Relationship Checking among Documents
      6.7.8 Measurement of Documents Compliance Status
      6.7.9 Automated Collection of Data
      6.7.10 Measurement of Data
      6.7.11 Review and Monitor
      6.7.12 Management of Tasks Authority
      6.7.13 Control of Tasks Sequence
      6.7.14 Monitor of Tasks Progress
      6.7.15 Management of ISMS progress
      6.7.16 Prototype Use Case Examples
    6.8 Concluding Remarks
  7 Evaluation
    7.1 Overview
    7.2 Evaluation Method for ISMEE
    7.3 Evaluation
      7.3.1 Design Level Evaluation
      7.3.2 Implementation Level Evaluation
    7.4 Discussion
    7.5 Concluding Remarks
  8 Conclusion
    8.1 Contributions
    8.2 Future Works
  Publications

  Supervisor: 程京德
- DOI
- 10.24561/00010337
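- National Diet Library persistent identifier
- info:ndljp/pid/9506311
- Collection (common)
- Collection (materials for persons with disabilities: level 1)
- Collection (individual)
- National Diet Library Digital Collections > Digitized materials > Doctoral theses
- Basis for collection
- Doctoral thesis (automatic harvesting)
- Date accepted (W3CDTF)
- 2015-10-01T11:16:23+09:00
- Date created (W3CDTF)
- 2015-08-10
- Recording format (IMT)
- application/pdf
- Online viewing access scope
- Restricted to National Diet Library premises
- Digitized material transmission
- Not eligible for transmission to libraries or individuals
- Remote copying available (NDL)
- Yes
- Partner institution / database
- National Diet Library: National Diet Library Digital Collections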