Difference between revisions 579059252 and 579059955 on enwiki

[[File:Risk Management Elements.jpg|thumb|Plan-Do-Check-Act Cycle]]
[[File:Isms framework.jpg|thumb|ENISA: Risk Management and Isms activities]]
An '''information security management system'''<ref>{{cite web|title=Security management system’s usability key to easy adoption|url=http://www.sourcesecurity.com/news/articles/co-4108-ga.8554.html|publisher=sourcesecurity.com|accessdate=22 August 2013}}</ref>  (ISMS) is a set of policies concerned with [[information securi(contracted; show full)

The table below compares the certification structures of some of the best-known ISMSs:<ref name=isms/><br />
{| class="wikitable"
|-
! !! '''BS 7799''' !! '''CC''' !! '''ITSEC'''
|-
| '''Operation Area''' || England || About 25 Countries || European Countries
|-
| '''Basic Structure''' || - 6 Management phases<br /> - 11 Security domains<br /> - 139 Control objectives<br /> - 133 Security controls  || - 3 Parts<br /> - 11 Security functional requirements<br /> - 8 Assurance requirements || - 4 Phases<br /> - 6 Levels
|-
(contracted; show full)
* fully comply with the organization's philosophy and mindset by providing a system that, instead of preventing people from doing what they are employed to do, enables them to do it in control and to demonstrate that they have fulfilled their accountabilities;
* be based on continuous training and awareness of staff and avoid the use of disciplinary measures and “police” or “military” practices;
* be a never-ending process.

== Dynamic issues in ISMS ==
There are three main problems that lead to uncertainty in information security management systems (ISMS):<ref>{{cite journal|last=Abbas|first=Haider|coauthors=Magnusson, Christer; Yngstrom, Louise; Hemani, Ahmed|title=Addressing dynamic issues in information security management|journal=Information Management & Computer Security|date=1 January 2011|year=2011|volume=19|issue=1|pages=5–24|doi=10.1108/09685221111115836|accessdate=26 October 2013}}</ref>
(contracted; show full)
* [[WARP (information security)]]
* [[TRAC (ISMS)]]

== Notes and references ==
<references/>


[[Category:Data security]]