Information Security Management System

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Year of Publication: 2017
Authors:
Sahar Al-Dhahri, Manar Al-Sarti, Azrilah Abdul Aziz
10.5120/ijca2017912851

Sahar Al-Dhahri, Manar Al-Sarti and Azrilah Abdul Aziz. Information Security Management System. International Journal of Computer Applications 158(7):29-33, January 2017. BibTeX

@article{10.5120/ijca2017912851,
	author = {Sahar Al-Dhahri and Manar Al-Sarti and Azrilah Abdul Aziz},
	title = {Information Security Management System},
	journal = {International Journal of Computer Applications},
	issue_date = {January 2017},
	volume = {158},
	number = {7},
	month = {Jan},
	year = {2017},
	issn = {0975-8887},
	pages = {29-33},
	numpages = {5},
	url = {http://www.ijcaonline.org/archives/volume158/number7/26922-2017912851},
	doi = {10.5120/ijca2017912851},
	publisher = {Foundation of Computer Science (FCS), NY, USA},
	address = {New York, USA}
}

Abstract

The ISO27001 is an information security management system (ISMS). It helps organizations to manage the security of assets. The ISO27001 is the best-known standard providing requirements for an information security management system (ISMS). In 2015, based on the ISO survey, ISO/IEC 27001 saw a 20% increase to 27,536 certificates worldwide [13].

References

  1. ENISA (European Network and Information Security Agency), “Risk Management / Risk Assessment” (available on-line at http://www.enisa.europa.eu/rmra)
  2. Walid Al-Ahmad and Bassil Mohammad. Addressing information security risks by adopting standards. International Journal of Information Security Science, 2(2):28-43, 2013.
  3. Tom Carlson, HF Tipton, and M Krause. Understanding Information Security Management Systems. Auerbach Publications Boca Raton, FL, 2008.
  4. Vladislav V Fomin, H Vries, and Y Barlette. ISO/IEC 27001 information systems security management standard: exploring the reasons for low adoption. In Proceedings of The third European Conference on Management of Technology (EUROMOT), 2008.
  5. Kwo-Shing Hong, Yen-Ping Chi, Louis R Chao, and Jih-Hsing Tang. An integrated system theory of information security management. Information Management & Computer Security, 11(5):243-248, 2003.
  6. Ted Humphreys. State-of-the-art information security management systems with ISO/IEC 27001: 2005. ISO Management Systems, 6(1), 2006.
  7. G Pavlov and J Karakaneva. Information security management system in organization. Trakia Journal of Sciences, 9(4):20-25, 2011.
  8. Madhav Sinha and Alan Gillies. Improving the quality of information security management systems with ISO27000. The TQM Journal, 23(4):367-376, 2011.
  9. The ISO Survey of Management System Standard Certifications 2015. http://www.iso.org/iso/the_iso_survey_of_management_system_standard_certifications_2015.pdf (Accessed: 11 December 2016).
  10. ISO/IEC 17799 (2005) _Information technology - Security techniques - Code of practice for information security management_.
  11. ISO/IEC 27001 (2005) _Information technology - Security techniques - Information security management systems - Requirements_.
  12. Debi Ashenden. Information security management: A human challenge? Information security technical report, 13(4):195-201, 2008.
  13. I. (n.d.). The ISO Survey of Management System Standard Certifications 2015. Retrieved December 2, 2016, from http://www.iso.org/iso/the_iso_survey_of_management_system_standard_certifications_2015.pdf
  14. S. (n.d.). Security Incident Management. Retrieved December 10, 2016, from https://ito.hkbu.edu.hk/pub/is_newsletter/professional/Issue_12_SecurityIncidentMgt/IssueIT12_1.htm
  15. Information Security Management System ISO 27001:2005. (2015). Retrieved December 2, 2016, from http://www.tuv-nord.com/, http://www.tuv-nord.com/cps/rde/xbcr/tng_in/Product_Information_27001.pdf

Keywords

Information Security, Information Security Management, Total quality management, Information security, Incremental approach