STATEMENT OF APPLICABILITY AS A KEY ELEMENT OF THE GIS CERTIFICATION PROCESS IN THE LIGHT OF CYBERSECURITY STANDARDS
DOI:
https://doi.org/10.57599/gisoj.2022.2.2.79
Keywords:
spatial data, security, Statement of Applicability (SoA), risk, implementation process
Abstract
The Statement of Applicability (SoA) is a mandatory ISMS document that you need to develop, prepare, and submit with your ISO 27001, and it is crucial in obtaining your ISO 27001 Risk Assessment and ISMS certification. According to ISO/IEC 27001, an Information Security Management System is ‘that part of the general management system, based on the approach to business risk, to establish, implement, operate, monitor, review, maintain and improve information security’. ISO/IEC 27001 specifies the requirements and implementation process for the Information Security Management System. However, implementing this standard without a good SoA document may prove impossible. The article presents a system model for constructing an SoA for an ISMS and for its certification under the ISO 27001 standard. The model aims to provide instruments for designing and generating an SoA document for the ISMS that covers all information processes in GIS. It allows organizations to evaluate the current state of their GIS information asset security implementation against the best practices defined in ISO/IEC 27001. The proprietary model proposed in this article is assessed from a multi-stage perspective, which confirms that the proposed draft Statement of Use document makes a valuable and innovative contribution to information security management by considering the best practices in this field.
License
This is an open access publication, which can be used, distributed and reproduced in any medium according to the Creative Commons CC-BY 4.0 License.