CR · Apr 6, 2012

Refinement of Strategy and Technology Domains STOPE View on ISO 27001

arXiv:1204.1385v1 · 7 citations
Originality: Synthesis-oriented
AI Analysis

This work provides a domain-specific tool for organizations to assess and implement information security management, but it is incremental as it builds on existing standards and frameworks.

The research tackled the problem of applying ISO 27001 security controls in organizations by mapping them onto the STOPE framework, resulting in a refinement into 246 simplified elements for easier comprehension.

It is imperative for organizations to use an Information Security Management System (ISMS) to effectively manage their information assets. An ISMS starts with a set of policies that dictate the usage of computer resources. It starts with the "21 essential security controls" of ISO 27001, which give the basic standard requirements of information security management. Our research is concerned with the assessment of the application of these controls to organizations. STOPE (Strategy, Technology, Organization, People and Environment) methodologies were used to integrate domains as a framework for this assessment. The controls are mapped onto these domains and subsequently refined into "246 simple and easily comprehended elements".
