Bibtex de la publication

@TechReport{ KaBeBaGrLa2007.1,
author = {Kamel, Michel and Benzekri, Abdelmalek and Barrère, François and Grasset, Frédéric and Laborde, Romain},
title = "{Virtual Organizations: Information Security Management Process}",
year = {2007},
month = {septembre},
type = {Rapport de contrat},
number = {D0.3.3_2v2},
institution = {IRIT},
address = {Université Paul Sabatier, Toulouse},
language = {anglais},
URL = {},
keywords = {Virtual Organization, Information Security, Information Security Management System, ISO/IEC 17799, ISO/IEC 27001, maturity level},
note = {VIVACE project deliverable},
abstract = {SMEs wishing to build Virtual Organizations face new security constraints when choosing the solution to interconnect their information systems and form the collaborative workspace. Many solutions may be adopted: 1) Externalize the SMEs’ activities to third parties and thus, they do not treat the security issues that emanate from such interconnection. 2) Internalize the SMEs’ activities and thus, they keep control on their own resources once put at the disposal of partners. For internalization, two approaches may be adopted: centralized and decentralized management approaches. Choosing one of these three solutions depends on the ability of these SMEs to realize, or not, their activities and be trustee organizations so that their partners may rely on them. In order to respond to such constraints, we provide SMEs with a tool that evaluates the maturity of their respective security practices and then provides a decision support system. This tool is based on the ISO/IEC 17799 international security standard. In addition, we propose the adaptation of the ISO/IEC 27001 standard to the Virtual Organization context so that SMEs can enhance their maturity level and then they will be more trustee organizations.}