Difference between revisions 753318487 and 765625836 on enwiki

[[File:Risk Management Elements.jpg|thumb|Plan-Do-Check-Act Cycle]]
[[File:Isms framework.jpg|thumb|ENISA: Risk Management and Isms activities]]
An '''information security management system'''<ref>{{cite web|title=Security management system’s usability key to easy adoption|url=http://www.sourcesecurity.com/news/articles/co-4108-ga.8554.html|publisher=sourcesecurity.com|accessdate=22 August 2013}}</ref>  (ISMS) is a set of policies concerned with [[information securi(contracted; show full)

However, the latest standard, [[ISO/IEC 27001:2013]], does not emphasise the Deming cycle anymore. The ISMS user is free to use any management process (improvement) approach like PDCA or [[Six Sigma]]s [[DMAIC]].

Another competing ISMS is [[Information Security Forum]]'s ''[[Standard of Good Practice]]'' (SOGP). It is more [[best practice]]-based as it comes from ISF's industry experiences.


Yet another competing ISMS is [[The Open Group]]'s "Open Information Security Maturity Model" (O-ISM3). It is more [[Scientific method]]-based.⏎
⏎
Some best-known ISMSs for computer security certification are the [[Common Criteria]] (CC) international standard and its predecessors [[Information Technology Security Evaluation Criteria]] (ITSEC) and [[Trusted Computer System Evaluation Criteria]] (TCSEC).<ref name="isms">{{cite journal|last=Jo|first=Heasuk|author2=Kim, Seungjoo |author3=Won, Dongho |title=Advanced information security management evaluation system|journal=KSII Transactions on Internet and Information Systems|date=1 Januar(contracted; show full)* [[ISO/IEC 27002]]
* [[NIST]]

== References ==
<references/>

{{Authority control}}
[[Category:Data security]]