An '''information security management system''' (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of [[ISO/IEC 17799]], a code of practice for information security management published by the [[International Organization for Standardization]] in [[2000]]. ISO 17799 will be revised and re-issued this year (2005).
The best known ISMS is [[BS 7799]]-2:2002, published by the [[British Standards Institute]], complementary to ISO/IEC 17799 (developed from BS 7799-1). A system for certification against BS-7799-2:2002 is well established (But note that it is ''not'' possible to get ISO/IEC 17799 certified.) An ISO version of 7799-2 is currently developed under the name ISO 27001 and is in final comment/voting stage. It is scheduled to be released late 2005/early 2006.
ISM3 (pronounced ISM-cubed) is the only other ISMS that is accreditable. ISM3 was developed from ITIL, ISO9001, CMM and BS7799-2 and Information Governance concepts. ISM3 can be used as a template to make ISO9001 compliant information security management systems. The major difference between BS7799-2 and ISM3 is that the second has four maturity levels, while BS7799 takes a compliant/not compliant approach.
Other ISMS are
*ISF
*ITIL
*COBIT
==References==
* BS 7799-2:2002
* ISF
* ISO/IEC 17799:2000 (developed from BS 7799-1 and republished as BS ISO/IEC 17799:2000, BS 7799-1:2000)
* ITIL / ITSM
* Cobit v3.0
* ISM3 v1.0
==External links==
*[http://www.bsi-global.com/ British Standard Institute]
*[http://www.securityforum.org/html/frameset.htm Information Security Forum (ISF)]
*[http://www.itil-service-management-shop.com/security.htm ITIL Security]
*[http://www.isaca.org/ ISACA Cobit]
*[http://www.isecom.org/projects/ism3.shtml Information Security Management Maturity Model (ISM3)]
{{standard-stub}}
This site is not affiliated with or endorsed in any way by the Wikimedia Foundation or any of its affiliates. In fact, we fucking despise them.
|
