Information Security Management System: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
An '''Information Security Management System''' (ISMS) is, as the name suggests, a system of management concerned with information security. The term arises primarily from [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardization]] in 2000. ISO 17799 will eventually be revised and re-issued in the [[ISO/IEC_27001|ISO 2700x suite]].


The best known ISMS is [[ISO/IEC_27001|ISO/IEC 27001]], published by the [http://www.iso.org ISO], complementary to ISO/IEC 17799 (developed from the original BS 7799-1). A certification scheme against BS 7799-2:2002 is well established (but note that it is ''not'' possible to be certified against ISO/IEC 17799).


[[ISM3]] (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from [[ITIL]], [[ISO 9001]], [[CMM]], ISO 27001 and Information Governance concepts. ISM3 can be used as a template for building ISO 9001-compliant information security management systems. While ISO 27001 is controls-based, ISM3 is process-based, and it includes process metrics.

Other ISMS are:
*[[Information Security Forum|ISF]] [[Standard of Good Practice]]
*[[Security_Management: | ITIL Security Management]]
*[[COBIT]] v4.0


==External links==
*[http://www.lazarusalliance.com/horsewiki/ Lazarus Alliance HORSE project Wiki]
*[http://www.bsi-global.com/ British Standards Institution]
*[http://www.securityforum.org/html/frameset.htm Information Security Forum (ISF)]

Latest revision as of 17:09, 22 March 2007
