Information technology � Guidance on information security management system processes

2021 ◽  
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Management System ◽  
Security Management ◽  
Information Security Management ◽  
Information Security Management System

Information Security Management Systems Cybernetics

2012 ◽  
pp. 223-244 ◽  
Author(s):  
Wolfgang Boehmer
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Management System ◽  
Security Management ◽  
Management Systems ◽  
Information Security Management ◽  
Standard Management ◽  
Technology Service ◽  
Information Security Management System ◽  
Potential Applications

With the widespread dissemination of Information Technology in enterprises and households in the mid-90s, discussions began on how to manage it. Meanwhile, in the area of enterprise security management systems worldwide, enforced use of the Deming cycle initially worked against the implementation of policies. Standard management systems include ISMS (Information Security Management System) as specified in ISO 27001, BCM (Business Continuity Management System) as specified in BS 25999, and ITSM (Information Technology Service Management System) as specified in ISO 20000. In contrast to policies, these best-practice management systems continue to operate today with no formal method. Management systems have, however, some advantages that policies do not have. In this chapter, the authors present possible uses of policies with respect to management systems and identify potential applications. Furthermore, the authors present a field study, cited here, which highlights the advantages of management systems in practice. Moreover, this chapter shows how a formal description of an information security management system can be created by means of discrete-event systems theory and how an objective function for management systems can be defined.

scholarly journals An Assessment of ISMS Process Maturity based on Readiness and Awareness of team members of selected IT Organizations

2012 ◽  
Vol 2 (2) ◽  
Author(s):  
Alpana Kakkar ◽  
Ritu Punhani ◽  
Deepak Jain
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Management System ◽  
Security Management ◽  
Service Organizations ◽  
Information Security Management ◽  
Team Members ◽  
It Service ◽  
Information Security Management System ◽  
Government Education

The growth of computers and of information technology has been explosive. As a result, information technology has been widely applied in every aspect of our life—from business, government, education, finance, health-care, aerospace to national defence. Computers, especially networked computers, have brought benefits to us and improved our lives. However, surveys and reports from various industry associations and security organizations suggested that only a few organizations can successfully protect their information assets. Organizations realize that information security is a complex issue, involving both human and technical factors. This paper is an attempt to empirically assess the maturity of Information Security Management System (ISMS) implementation in selected IT Service organizations in terms of confidence of their employees on their Information Security Management System.

scholarly journals Development of Awareness and Competences of Employees in the Processes of Information Security Management System

2020 ◽  
Vol 20 (2) ◽  
Author(s):  
Vitomir T. Miladinović
Keyword(s):  
Information Technology ◽  
Information Security ◽  
Management System ◽  
Security Management ◽  
Management Systems ◽  
Information Security Management ◽  
Information Technology Security ◽  
Information Security Management System ◽  
Systems Requirements ◽  
Iec 27001

Based on author’s experiencie, in this we will analyze some issues of awareness and competence development of all employees in the organization in the processes of information security management system (ISMS), in accordance with the requirements of the International Standard SRPS ISO/IEC 27001 Information Technology — Security Techniques — Information Security Management Systems — Requirements.

A pattern-based method for establishing a cloud-specific information security management system

2013 ◽  
Vol 18 (4) ◽  
pp. 343-395 ◽  
Author(s):  
Kristian Beckers ◽  
Isabelle Côté ◽  
Stephan Faßbender ◽  
Maritta Heisel ◽  
Stefan Hofbauer
Keyword(s):  
Information Security ◽  
Management System ◽  
Security Management ◽  
Specific Information ◽  
Information Security Management ◽  
Information Security Management System

scholarly journals Analisis Sistem Manajemen Keamanan Informasi Menggunakan ISO/IEC 27001 : 2013 Serta Rekomendasi Model Sistem Menggunakan Data Flow Diagram pada Direktorat Sistem Informasi Perguruan Tinggi

2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .
Keyword(s):  
Information Security ◽  
Asset Management ◽  
Management System ◽  
Security Management ◽  
Maturity Level ◽  
Information Security Management ◽  
Capability Maturity ◽  
Information Security Management System ◽  
Level 3 ◽  
Iec 27001

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security.  One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

Sign in / Sign up

Export Citation Format

Share Document