Tailoring ISO/IEC 27001 for SMEs: A Guide to Implement an Information Security Management System in Small Settings
نویسندگان
چکیده
While Information Security Management Systems (ISMS) are being adopted by the biggest IT companies, it remains quite difficult for smaller entities to implement and maintain all the requirements of ISO/IEC 27001. In order to increase information security in Luxembourg, the Public Research Centre Henri Tudor has been charged by the Luxembourg Ministry of Economy and Foreign Trade to find solutions to facilitate ISMS deployment for SMEs. After an initial experiment aiming at assisting a SME in getting the first national ISO/IEC 27001 certification for a private company, an implementation guide for deploying an ISMS, validated by local experts and experimented in SMEs, has been released and is presented in this paper.
منابع مشابه
A Gap Analysis Tool for SMEs Targeting ISO/IEC 27001 Compliance
Current trends indicate that information security is critical for today’s enterprises. As managers realise they cannot ignore the potential security risks, they tend to turn to the ISO/IEC 27001 standard, in order to implement an Information Security Management System (ISMS). While being adopted by large companies, ISMS are still considered as out of range by numerous smaller entities. To help ...
متن کاملIso/iec 27001 Information Systems Security Management Standard : Exploring the Reasons for Low Adoption
In this paper we attempt to find the reasons for low adoption of the international standard ISO/IEC 2700 on information security management. We benchmark ISO/IEC 27001 against the two other widely applied management system standards – ISO 9001 for quality management and ISO 14001 for environmental management We show that besides low adoption rates, ISO/IEC 27001 standard has received significan...
متن کاملStandardization of Information Security Management System: ISO/IEC 27001: 2005, ITIL®, CoBIT®
Information is currently the most important asset of modern companies. Its security is therefore very important and becomes the top priority of each company. Unfortunately, there is no simple recipe providing 100 % security of information. A company must apply the best security procedures with the aim to achieve an appropriate level of its information security. This paper presents and compares ...
متن کاملTowards an Integrated Management System (IMS), harmonizing the ISO/IEC 27001 and ISO/IEC 20000-2 Standards
In recent times, and in order to maintain an integrated, efficient and homogeneous policy, Integrated Management Systems (IMS) have emerged as an opportunity to improve processes related to Information Technology (IT) in organizations in a way that is modular, consistent and orderly. The ISO 27001 and ISO 20000 standards provide good practices for creating and/or strengthening management infras...
متن کاملA Pattern-Based and Tool-Supported Risk Analysis Method Compliant to ISO 27001 for Cloud Systems
To benefit from cloud computing and the advantages it offers, obstacles regarding the usage and acceptance of clouds have to be cleared. For cloud providers, one way to obtain customers’ confidence is to establish security mechanisms when using clouds. The ISO 27001 standard provides general concepts for establishing information security in an organization. Risk analysis is an essential part in...
متن کامل