Information security management system
An information security management system (ISMS) is, as the name suggests, a management system concerned with information security. The term arises primarily from ISO/IEC 17799, a code of practice for information security management published by the International Organization for Standardization in 2000. ISO 17799 will be revised and re-issued this year (2005).
The best known ISMS is BS 7799-2:2002, published by the British Standards Institute, which is complementary to ISO/IEC 17799 (developed from BS 7799-1). A scheme for certification against BS 7799-2:2002 is well established. (Note that it is not possible to be certified against ISO/IEC 17799 itself.)
ISM3 (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from ITIL, ISO 9001, CMM, BS 7799-2 and information governance concepts, and can be used as a template for building ISO 9001-compliant information security management systems. The major difference between BS 7799-2 and ISM3 is that ISM3 defines four maturity levels, whereas BS 7799-2 takes a compliant/non-compliant approach.
Other ISMSs include:
- ISF
- ITIL
- COBIT
References
- BS 7799-2:2002
- ISF
- ISO/IEC 17799:2000 (developed from BS 7799-1 and republished as BS ISO/IEC 17799:2000, BS 7799-1:2000)
- ITIL / ITSM
- Cobit v3.0
- ISM3 v1.0
External links
- British Standard Institute (http://www.bsi-global.com/)
- Information Security Forum (ISF) (http://www.securityforum.org/html/frameset.htm)
- ITIL Security (http://www.itil-service-management-shop.com/security.htm)
- ISACA Cobit (http://www.isaca.org/)
- Information Security Management Maturity Model (ISM3) (http://www.isecom.org/projects/ism3.shtml)