ISO Security Standards as a Leverage on IT Security Management
نویسندگان
چکیده
Information security is a very important component in the context of an organization’s dependence on ICT. The operational environment where these technologies are operating is a very complex one. Offering a good level of protection by information security process needs a well defined managerial framework. This paper discusses the reasons why having a well defined managerial security framework is needed in an information security area, as well as which are the tools to build and implement such a management framework. After a short presentation, two international standards related to Information Security Management, the ISO 17799:2005 and ISO 27001 standards, and the implications of being conforming to these standards are analysed and their advantages and limits in a security management framework are pointed out.
منابع مشابه
ISO/IEC 27000, 27001 and 27002 for Information Security Management
With the increasing significance of information technology, there is an urgent need for adequate measures of information security. Systematic information security management is one of most important initiatives for IT management. At least since reports about privacy and security breaches, fraudulent accounting practices, and attacks on IT systems appeared in public, organizations have recognize...
متن کاملISMS-CORAS: A Structured Method for Establishing an ISO 27001 Compliant Information Security Management System
Established standards on security and risk management provide guidelines and advice to organizations and other stakeholders on how to fulfill their security needs. However, realizing and ensuring compliance with such standards may be challenging. This is partly because the descriptions are very generic and have to be refined and interpreted by security experts, and partly because they lack tech...
متن کاملDetermining the appropriate methodology for the security evaluation of equipment related to information and communication technology in the power industry
Providing security in the vital infrastructures of the country, is one of the essential operations that must be taken in order to improve the security of the country. Resistant security strategies need to be regularly implemented as a dynamic process to improve security, and security evaluation is one of the most important steps in this process. Methodology in the field of evaluation in both te...
متن کاملامنیت اطلاعات سامانه های تحت وب نهاد کتابخانه های عمومی کشور
Purpose: This paper aims to evaluate the security of web-based information systems of Iran Public Libraries Foundation (IPLF). Methodology: Survey method was used as a method for implementation. The tool for data collection was a questionnaire, based on the standard ISO/IEC 27002, that has the eleven indicators and 79 sub-criteria, which examines security of web-based information systems of IP...
متن کاملRisk Management in IT Service Security
This article brings a novel approach for optimized risk management in IT service information security. The new method is based on widely used international standards – best practices – for IT service management (ISO/IEC 20000) and Information security management system (ISO/IEC 27000). Firstly, the IT service information security approach is developed (based on a Service level management extens...
متن کامل