Using the Bell Labs security framework to enhance the ISO 17799/27001 information security management system

• Published in: Bell Labs technical journal Vol. 12; no. 3; pp. 39 - 54
• Main Authors: McGee, Andrew R., Bastry, Frank A., Chandrashekhar, Uma, Vasireddy, S. Rao, Flynn, Lori A.
• Format: Journal Article
• Language: English
• Published: Hoboken IEEE 01.09.2007; Wiley Subscription Services, Inc., A Wiley Company
• ISSN: 1089-7089; 1538-7305
• DOI: 10.1002/bltj.20248

The global information technology (IT) industry recognizes the need for standards to improve the quality and consistency of security for IT products and services. As such, the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27000 series is focusing on the requirements, security controls, and implementation guidance for an organization's information security management system (ISMS). This guidance establishes general principles that can be used in various industries and government; however, standardized techniques are also needed to identify, implement, and operate security controls as part of the ISMS life cycle. The Bell Labs Security Framework identifies both the minimal and differentiating security controls by decomposing an IT product or service into a layered hierarchy of equipment and facilities groupings and examining the types of activities that occur at each layer in a standardized manner. Furthermore, the Bell Labs Security Framework security dimensions provide the necessary mechanisms to implement and operate the selected controls. The Bell Labs Security Framework enhances the ISO/IEC 27000 series by providing a comprehensive end-to-end approach to implementing IT security. © 2007 Alcatel-Lucent.