Difference between revisions 55232979 and 59624590 on enwikiAn '''information security management system''' (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardization]] in [[2000]]. ISO 17799 will be revised and re-issued this year (2005).
The best known ISMS is ISO27001, published by the [[ISO]], complementary to ISO/IEC 17799 (developed from BS 7799-1). A system for certification against BS-7799-2:2002 is well established (But note that it is ''not'' possible to get ISO/IEC 17799 certified.)
[[ISM3]] (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from [[ITIL]], [[ISO 9001]], [[CMM]] and ISO27001 and Information Governance concepts. ISM3 can be used as a template to make ISO 9001 compliant information security management systems. While ISO27001 is controls based, ISM3 is process based. ISM3 has process metrics included.
Other ISMS are
*[[Information Security Forum|ISF]] [[Standard of Good Practice]]
*[[Information Technology Infrastructure Library#Security Management|ITIL Security Management]]
*[[COBIT]] v3.0
==References==
* [[BS 7799]]-2:2002
* [[ISO/IEC 17799]]:2000 (developed from BS 7799-1 and republished as BS ISO/IEC 17799:2000, BS 7799-1:2000)
* [[ISM3]] v1.20.
==External links==
*[http://www.bsi-global.com/ British Standard Institute]
*[http://www.securityforum.org/html/frameset.htm Information Security Forum (ISF)]
*[http://www.itil-service-management-shop.com/security.htm ITIL Security]
*[http://www.isaca.org/ ISACA Cobit]
*[http://www.ism3.com Information Security Management Maturity Model (ISM3)]
{{standard-stub}}
This site is not affiliated with or endorsed in any way by the Wikimedia Foundation or any of its affiliates. In fact, we fucking despise them.
|
