Information security management system

From Free net encyclopedia

An information security management system (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of ISO/IEC 17799, a code of practice for information security management published by the International Organization for Standardization in 2000. ISO 17799 will be revised and re-issued this year (2005).

The best known ISMS is ISO27001, published by the ISO, complementary to ISO/IEC 17799 (developed from BS 7799-1). A system for certification against BS-7799-2:2002 is well established (But note that it is not possible to get ISO/IEC 17799 certified.)

ISM3 (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from ITIL, ISO 9001, CMM and ISO27001 and Information Governance concepts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO27001 is controls based, ISM3 is process based. ISM3 has process metrics included.

Other ISMS are

• ISF Standard of Good Practice
• ITIL Security Management
• COBIT v3.0

References

• BS 7799-2:2002
• ISO/IEC 17799:2000 (developed from BS 7799-1 and republished as BS ISO/IEC 17799:2000, BS 7799-1:2000)
• ISM3 v1.20

External links

• British Standard Institute
• Information Security Forum (ISF)
• ITIL Security
• ISACA Cobit
• Information Security Management Maturity Model (ISM3)

Template:Standard-stub