Everything Totally Explained


Ask & we'll explain, totally!
Information security management system
Totally Explained

  NEW! All the latest news in the worlds of computer gaming, entertainment, the environment,  
finance, health, politics, science, stocks & shares, technology and much, much, more.  

View this entry using RSS

Everything about Information Security Management System totally explained

An Information Security Management System (ISMS) is, as the name suggests, a system of management concerned with information security. The idiom arises primarily out of ISO/IEC 27001. The key concept of ISMS is for an organization to design, implement and maintain a coherent suite of processes and systems for effectively managing information security, thus ensuring the confidentiality, integrity and availability of information assets and minimizing information security risks.
   As with all management processes, an ISMS must remain effective and efficient in the long term, adapting to changes in the internal organization and external environment. ISO/IEC 27001 therefore incorporates the typical "Plan-Do-Check-Act" (PDCA) Deming approach to continuous improvement:
  • The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.
  • The Do phase involves implementing and operating the controls.
  • The Check phase's objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.
  • In the Act phase, changes are made where necessary to bring the ISMS back to peak performance. The best known ISMS is described in ISO/IEC 27001 and ISO/IEC 27002 and related standards published jointly by ISO and IEC.
       Another competing ISMS is Information Security Forum's Standard of Good Practice (SOGP). It is more best practice -based as it comes from ISF's industry experiences.
       Other frameworks such as COBIT and ITIL touch on security issues, but are mainly geared toward creating a governance framework for information and IT more generally. Information Security Management Maturity Model (known as ISM-cubed or ISM3) is another form of ISMS. ISM3 builds on standards such as ISO 20000, ISO 9001, CMM, ISO/IEC 27001, and general information governance and security concepts. ISM3 can be used as a template for an ISO 9001-compliant ISMS. While ISO/IEC 27001 is controls based, ISM3 is process based and includes process metrics.

    Further Information

    Get more info on 'Information Security Management System'.


    External Link Exchanges

    Do you know how hard it is to get a link from a large encyclopaedia? Well we're different and will prove it. To get a link from us just add the following HTML to your site on a relevant page:

      <a href="http://information_security_management_system.totallyexplained.com">Information security management system Totally Explained</a>

    Then simply click through this link from your web page. Our crawlers will verify your link, extract the title of your web page and instantly add a link back to it. If you like you can remove the words Totally Explained and embed the link in article text.
       As long as your link remains in place, we'll keep our link to you right here. Please play fair - our crawlers are watching. Your site must be closely related to this one's topic. Any kind of spamming, dubious practises or removing the link will result in your link from us being dropped and, potentially, your whole site being banned.



    • Copyright © 2007-8 totallyexplained.com | Licensed under the GNU Free Documentation License | Site Map
    This article contains text from the Wikipedia article Information security management system (History) and is released under the GFDL | RSS Version