A STOPE model for the investigation of compliance with ISO 17799‐2005
Abstract
Purpose
With the widespread of e‐services, provided by different organizations at the internal intranet level, the business extranet level, and the public internet level, compliance with international information security management standards is becoming of increasing importance for establishing a common and safe environment for such services. The purpose of this paper is to examine the development of a mathematical model that enables the investigation of compliance of organizations with the widely acknowledged international information security management standard ISO 17799‐2005.
Design/methodology/approach
The model is based on the strategy, technology, organization, people and environment – STOPE – framework that provides an integrated well‐structured view of the various factors involved. The paper addresses the use of the model for practical investigations; it describes a practical example illustrating possible practical results.
Findings
The results show the strengths and the weaknesses of compliance, with the standard, at different levels: from the level of the measures associated with each of the “131” standard protection controls, up to the level of the STOPE domains.
Originality/value
The paper addresses the use of a mathematical model for practical investigations of compliance with the international information security management standard.
Keywords
Citation
Saad Saleh, M., Alrabiah, A. and Haj Bakry, S. (2007), "A STOPE model for the investigation of compliance with ISO 17799‐2005", Information Management & Computer Security, Vol. 15 No. 4, pp. 283-294. https://doi.org/10.1108/09685220710817806
Publisher
:Emerald Group Publishing Limited
Copyright © 2007, Emerald Group Publishing Limited