Currently, all organizations have to tackle the issue of information security. The paper deals with various aspects of Information Security Management (ISM), including procedures, processes, organizational structures, policies and control processes. The introduction of Information Security Management should be a strategic decision. The concept and implementation of Information Security Management in an organization are determined by the corporate needs and objectives, the security requirements, the processes deployed, and the size and structure of the organization. ISM should be implemented to the extent consistent with the needs of the organization.