Security Review based on ISO 27000/ ISO 27001/ ISO 27002 Standards: A Case Study Research
Recently, many organizations have faced higher demands to implement secure software systems by adopting security management standards. The ISO 27000 family of standards is commonly used to target the different assets of an organization when developing its security activities. This study targets a number of review and audit activities from the ISO 27000/ISO 27001/ISO 27002 standards by applying a case study research methodology to an existing web-based software application, in order to address physical and environmental security resources. The findings of this paper are threefold: ISO 27000 exposed a mismatch between the organization's terminology and the ISO 27000 terminology; ISO 27001 addressed a security policy for the security requirements of the targeted organization; and ISO 27002 was applied to reviewing and auditing the existing software source code. The original value of this paper is to show that using ISO 27000/ISO 27001/ISO 27002 to secure an existing system differs considerably from using them to build a new secure system, because of the challenges of applying review and audit processes to existing resources.
Keywords - Security Standards, ISO/IEC 27000, 27001, and 27002, Security Review, Case Study.