Information Security Management System: Difference between revisions
(New page: An '''Information Security Management System''' (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of [[ISO/IEC 177...) |
No edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
An '''Information Security Management System''' (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardization]] in | An '''Information Security Management System''' (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardization]] in 2000. ISO 17799 will eventually be revised and re-issued in the [[ISO/IEC_27001|ISO 2700x suite]]. | ||
The best known ISMS is [[ISO/IEC_27001|ISO/IEC 27001]], published by the [ | The best known ISMS is [[ISO/IEC_27001|ISO/IEC 27001]], published by the [http://www.iso.org ISO], complementary to ISO/IEC 17799 (developed from the original BS 7799-1). A system for certification against BS-7799-2:2002 is well established (But note that it is ''not'' possible to get ISO/IEC 17799 certified.) | ||
[[ISM3]] (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from [[ITIL]], [[ISO 9001]], [[CMM]] and | [[ISM3]] (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from [[ITIL]], [[ISO 9001]], [[CMM]] and ISO 27001 and Information Governance concepts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process based. ISM3 has process metrics included. | ||
Other ISMS are | Other ISMS are | ||
*[[Information Security Forum|ISF]] [[Standard of Good Practice]] | *[[Information Security Forum|ISF]] [[Standard of Good Practice]] | ||
*[[ | *[[Security_Management: | ITIL Security Management]] | ||
*[[COBIT]] v4.0 | *[[COBIT]] v4.0 | ||
==References== | ==References== | ||
* [[BS 7799]]-2:2002 | * [[BS 7799]]-2:2002 | ||
* [[ISO/IEC 17799]]:2000 (developed from BS 7799-1 and republished as BS ISO/IEC 17799:2000, BS 7799-1:2000) | * [[ISO/IEC 17799]]:2000 (developed from the original BS 7799-1 and republished as BS ISO/IEC 17799:2000, BS 7799-1:2000) | ||
* [[ISO/IEC 27001]] | * [[ISO/IEC 27001]] | ||
* [[ISM3]] v1.20 | * [[ISM3]] v1.20 | ||
==External links== | ==External links== | ||
*[http://www.lazarusalliance.com/horsewiki/ Lazarus Alliance HORSE project Wiki] | |||
*[http://www.bsi-global.com/ British Standard Institute] | *[http://www.bsi-global.com/ British Standard Institute] | ||
*[http://www.securityforum.org/html/frameset.htm Information Security Forum (ISF)] | *[http://www.securityforum.org/html/frameset.htm Information Security Forum (ISF)] | ||
Latest revision as of 17:09, 22 March 2007
An Information Security Management System (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of ISO/IEC 17799, a code of practice for information security management published by the International Organization for Standardization in 2000. ISO 17799 will eventually be revised and re-issued in the ISO 2700x suite.
The best known ISMS is ISO/IEC 27001, published by the ISO, complementary to ISO/IEC 17799 (developed from the original BS 7799-1). A system for certification against BS-7799-2:2002 is well established (But note that it is not possible to get ISO/IEC 17799 certified.)
ISM3 (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from ITIL, ISO 9001, CMM and ISO 27001 and Information Governance concepts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process based. ISM3 has process metrics included.
Other ISMS are
References
- BS 7799-2:2002
- ISO/IEC 17799:2000 (developed from the original BS 7799-1 and republished as BS ISO/IEC 17799:2000, BS 7799-1:2000)
- ISO/IEC 27001
- ISM3 v1.20