Refinement of Strategy and Technology Domains STOPE View on ISO 27001 (1204.1385v1)

Abstract: It is imperative for organizations to us Information Security Management System (ISMS) to effectively manage their information assets. ISMS starts with a set of policies that dictate the usage computer resources. It starts with the "21 essential security controls" of ISO 27001, which give the basic standard requirements of information security management. Our research is concerned with the assessment of the application of these controls to organizations. STOPE (Strategy, Technology Organization, People and Environment) methodologies were used to integrated domains as a framework for this assessment. The controls are mapped on these domains and subsequently refined into "246 simple and easily comprehended elements".