The IT Law Wiki

Definition

An Information Security Management System (ISMS) is

a systematic and structured approach to managing information so that it remains secure. ISMS implementation includes policies, processes, procedures, organizational structures and software and hardware functions. The ISMS implementation should be directly influenced by the organization's objectives, security requirements, processes employed, size and structure.[1]

References

  1. CNII Portal, "Information Security Management System" (full-text).

See also

  • ISO/IEC 27001:2005: Information Security Management Systems-Requirements
  • ISO/IEC 27002:2005: Code of Practice for Information Security Management
  • ISO/IEC 27004:2009: Information Security Management-Measurement
  • ISO/IEC 27005:2008: Information Security Risk Management