Andrew R. McGee, Frank A. Bastry, Uma Chandrashekhar, S. Rao Vasireddy and Lori A. Flynn

The global information technology (IT) industry recognizes the need for standards to improve the quality and consistency of security for IT products and services. As such, the International Organization for Standardization/International Electro technical Commission (ISO/IEC) 27000 series is focusing on the requirements, security controls, and implementation guidance for an organizations information security management system (ISMS). This guidance establishes general principles that can be used in various industries and government; however, standardized techniques are also needed to identify, implement, and operate security controls as part of the ISMS life cycle. The Bell Labs Security Framework identifies both the minimal and differentiating security controls by decomposing an IT product or service into a layered hierarchy of equipment and facilities groupings and examining the types of activities that occur at each layer in a standardized manner. Furthermore, the Bell Labs Security Framework security dimensions provide the necessary mechanisms to implement and operate the selected controls. The Bell Labs Security Framework enhances the ISO/IEC 27000 series by providing a comprehensive end-to-end approach to implementing IT security. © 2007 Alcatel-Lucent.