Difference between revisions 42241399 and 43012115 on enwiki

An '''information security management system''' (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardization]] in [[2000]]. ISO 17799 will be revised and re-issued this year (2005).

The best known ISMS is [[BS 7799]]-2:2002, published by the [[British Standards Institute]], complementary to ISO/IEC 17799 (developed from BS 7799-1). A system for certification against BS-7799-2:2002 is well established (but note that it is ''not'' possible to get ISO/IEC 17799 certified). An ISO version of 7799-2 is currently being developed under the name [[ISO 27001]] and is in the final comment/voting stage. It is scheduled to be released in late 2005/early 2006.

[[ISM3]] (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from [[ITIL]], [[ISO 9001]], [[CMM]] and BS7799-2 and Information Governance concepts. ISM3 can be used as a template to make ISO 9001-compliant information security management systems. The major difference between BS7799-2 and ISM3 is that the latter has four maturity levels, while BS7799 takes a compliant/not compliant approach.

Other ISMS are
*[[ISF]]
*[[ITIL]]
*[[COBIT]]

==References==
* [[BS 7799]]-2:2002
* [[ISF]]
* [[ISO/IEC 17799]]:2000 (developed from BS 7799-1 and republished as BS ISO/IEC 17799:2000, BS 7799-1:2000)
* [[ITIL]] / [[ITSM]]
* [[COBIT]] v3.0
* [[ISM3]] v1.0

==External links==
*[http://www.bsi-global.com/ British Standards Institute]
*[http://www.securityforum.org/html/frameset.htm Information Security Forum (ISF)]
*[http://www.itil-service-management-shop.com/security.htm ITIL Security]
*[http://www.isaca.org/ ISACA Cobit] 
*[http://www.isecom.org/projects/ism3.shtml Information Security Management Maturity Model (ISM3)]

{{standard-stub}}