Building on this foundation we constructed the ISO 27001
metamodel and evaluated it semantically in prior work [14,
15]. In the next chapter the metamodel will be presented again
before it is tested for its applicability in information security
management processes.