Information Security Management System: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.
(New page: An '''Information Security Management System''' (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of [[ISO/IEC 177...)
 
No edit summary
Line 1: Line 1:
An '''Information Security Management System''' (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardization]] in [[2000]]. ISO 17799 will eventually be revised and re-issued in the [[ISO/IEC_27001|ISO 2700x suite]].
An '''Information Security Management System''' (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardization]] in 2000. ISO 17799 will eventually be revised and re-issued in the [[ISO/IEC_27001|ISO 2700x suite]].


The best known ISMS is [[ISO/IEC_27001|ISO/IEC 27001]], published by the [[ISO]], complementary to ISO/IEC 17799 (developed from BS 7799-1). A system for certification against BS-7799-2:2002 is well established (But note that it is ''not'' possible to get ISO/IEC 17799 certified.)
The best known ISMS is [[ISO/IEC_27001|ISO/IEC 27001]], published by the [[ISO]], complementary to ISO/IEC 17799 (developed from the original BS 7799-1). A system for certification against BS-7799-2:2002 is well established (But note that it is ''not'' possible to get ISO/IEC 17799 certified.)


[[ISM3]] (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from [[ITIL]], [[ISO 9001]], [[CMM]] and ISO27001 and Information Governance concepts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO27001 is controls based, ISM3 is process based. ISM3 has process metrics included.
[[ISM3]] (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from [[ITIL]], [[ISO 9001]], [[CMM]] and ISO 27001 and Information Governance concepts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process based. ISM3 has process metrics included.


Other ISMS are
Other ISMS are
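Review bot: In the second paragraph of this hunk the revised line still writes "BS-7799-2:2002" with a hyphen after BS, while the same line writes "BS 7799-1" and the references list writes "BS 7799" with a space; use one form, preferably "BS 7799-2:2002". The same line also runs "is well established" straight into the parenthetical "(But note that ..." with no full stop, so end the sentence before the bracket.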
Line 12: Line 12:
==References==
==References==
* [[BS 7799]]-2:2002
* [[BS 7799]]-2:2002
* [[ISO/IEC 17799]]:2000 (developed from BS 7799-1 and republished as BS ISO/IEC 17799:2000, BS 7799-1:2000)
* [[ISO/IEC 17799]]:2000 (developed from the original BS 7799-1 and republished as BS ISO/IEC 17799:2000, BS 7799-1:2000)
* [[ISO/IEC 27001]]
* [[ISO/IEC 27001]]
* [[ISM3]] v1.20
* [[ISM3]] v1.20

Revision as of 18:53, 8 March 2007

An Information Security Management System (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of ISO/IEC 17799, a code of practice for information security management published by the International Organization for Standardization in 2000. ISO 17799 will eventually be revised and re-issued in the ISO 2700x suite.

The best-known ISMS is ISO/IEC 27001, published by the ISO, complementary to ISO/IEC 17799 (developed from the original BS 7799-1). A system for certification against BS 7799-2:2002 is well established. (But note that it is not possible to get ISO/IEC 17799 certified.)

ISM3 (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from ITIL, ISO 9001, CMM, ISO 27001 and Information Governance concepts. ISM3 can be used as a template to make ISO 9001-compliant information security management systems. While ISO 27001 is controls-based, ISM3 is process-based. ISM3 has process metrics included.

Other ISMS are

References

External links