Difference between revisions 765625836 and 765625956 on enwiki

[[File:Risk Management Elements.jpg|thumb|Plan-Do-Check-Act Cycle]]
[[File:Isms framework.jpg|thumb|ENISA: Risk Management and ISMS activities]]

An '''information security management system'''<ref>{{cite web|title=Security management system's usability key to easy adoption|url=http://www.sourcesecurity.com/news/articles/co-4108-ga.8554.html|publisher=sourcesecurity.com|accessdate=22 August 2013}}</ref> (ISMS) is a set of policies concerned with [[information security]] …

Other frameworks such as [[COBIT]] and [[ITIL]] touch on security issues, but are mainly geared toward creating a governance framework for information and IT more generally. COBIT has a companion framework, ''[[Risk IT]]'', dedicated to information security.

The table below compares the certification structure of some of the best-known ISMSs:<ref name="isms" />

{| class="wikitable"
|-
! !! '''BS 7799''' !! '''Common Criteria''' !! '''IT Security Evaluation Criteria'''
|-
| '''Operation Area''' || UK || About 25 countries || European countries
|-
| '''Basic Structure''' || - 6 Management phases<br /> - 11 Security domains<br /> - 139 Control objectives<br /> - 133 Security controls || - 3 Parts<br /> - 11 Security functional requirements<br /> - 8 Assurance requirements || - 4 Phases<br /> - 6 Levels
|-
| '''Management Process''' || 1- Define policy<br />2- Define scope<br />3- Assess risk<br />4- Manage risk<br />5- Select controls to be implemented and applied<br />6- Prepare a statement of applicability || 1- PP/ST introduction<br />2- Conformance claims<br />3- Security problem definition<br />4- Security objectives<br />5- Extended components definition<br />6- Security requirements<br />7- TOE summary specification || 1- Requirements<br />2- Architectural design<br />3- Detailed design<br />4- Implementation
|-
| '''Difference of Process''' || Emphasis on managerial security || Emphasis on technical security || Emphasis on managerial security
|-
| '''Specification Control Point''' || Provides a best-practice code for information security management || Provides a common set of requirements for the security functionality of IT products || Provides a common set of requirements for the security functionality of IT products
|-
| '''Evaluation Method''' || Uses the PDCA model cycle || Follows each certification evaluation procedure || Follows the Commission of the European Communities
|}

There are a number of initiatives focused on the governance and organizational issues of securing information systems, bearing in mind that this is a business and organizational problem, not only a technical problem:

* [[ISO/IEC 27002]]
* [[NIST]]

== References ==
<references/>

{{Authority control}}

[[Category:Data security]]

All content in the above text box is licensed under the Creative Commons Attribution-ShareAlike license Version 4 and was originally sourced from https://en.wikipedia.org/w/index.php?diff=prev&oldid=765625956.