To read this content please select one of the options below:

A STOPE model for the investigation of compliance with ISO 17799‐2005

Mohamed Saad Saleh (School of Informatics, University of Bradford, Bradford, UK)
Abdullah Alrabiah (Electrical Engineering Department, King Saud University, Riyadh, Saudi Arabia)
Saad Haj Bakry (Electrical Engineering Department, King Saud University, Riyadh, Saudi Arabia)

Information Management & Computer Security

ISSN: 0968-5227

Article publication date: 21 August 2007

1013

Abstract

Purpose

With the widespread of e‐services, provided by different organizations at the internal intranet level, the business extranet level, and the public internet level, compliance with international information security management standards is becoming of increasing importance for establishing a common and safe environment for such services. The purpose of this paper is to examine the development of a mathematical model that enables the investigation of compliance of organizations with the widely acknowledged international information security management standard ISO 17799‐2005.

Design/methodology/approach

The model is based on the strategy, technology, organization, people and environment – STOPE – framework that provides an integrated well‐structured view of the various factors involved. The paper addresses the use of the model for practical investigations; it describes a practical example illustrating possible practical results.

Findings

The results show the strengths and the weaknesses of compliance, with the standard, at different levels: from the level of the measures associated with each of the “131” standard protection controls, up to the level of the STOPE domains.

Originality/value

The paper addresses the use of a mathematical model for practical investigations of compliance with the international information security management standard.

Keywords

Citation

Saad Saleh, M., Alrabiah, A. and Haj Bakry, S. (2007), "A STOPE model for the investigation of compliance with ISO 17799‐2005", Information Management & Computer Security, Vol. 15 No. 4, pp. 283-294. https://doi.org/10.1108/09685220710817806

Publisher

:

Emerald Group Publishing Limited

Copyright © 2007, Emerald Group Publishing Limited

Related articles