Information Security Management System

From HORSE - Holistic Operational Readiness Security Evaluation.
Revision as of 18:53, 8 March 2007 by Mdpeters (talk | contribs)
Jump to navigation Jump to search

An Information Security Management System (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of ISO/IEC 17799, a code of practice for information security management published by the International Organization for Standardization in 2000. ISO 17799 will eventually be revised and re-issued in the ISO 2700x suite.

The best known ISMS is ISO/IEC 27001, published by the ISO, complementary to ISO/IEC 17799 (developed from the original BS 7799-1). A system for certification against BS-7799-2:2002 is well established (But note that it is not possible to get ISO/IEC 17799 certified.)

ISM3 (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from ITIL, ISO 9001, CMM and ISO 27001 and Information Governance concepts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO 27001 is controls based, ISM3 is process based. ISM3 has process metrics included.

Other ISMS are

References

External links