ISMS

ISMS consulting is an advisory service provided during the implementation of systems for managing information security. The ISMS process runs from determining the coverage area, through the identification of resources, risk assessment and risk management, and the definition of security policies, detailed procedures, regulations and standards, to training the users of the information system (awareness training). All of the above procedures are conducted in accordance with the ISO 17799 or BS 7799-2 standard. The service is intended for customers who want to establish a comprehensive and reliable system for managing information security.

The British Standards Institute (BSI) published the first document on safety and good practice in security. This document was known as the Code of Practice and was published in 1993. It was later revised and became British Standard 7799 (BS 7799 for short). A new version of the standard (BS 7799-2) was released in 1998. The new version specifies an information security management system (ISMS) based on the objectives and controls of BS 7799-1. A year later, both standards were revised to ensure their consistency. The BS 7799 standard introduces the concept of lifecycle management for information security:

  • PLAN – planning and establishment phase
  • DO – use of system
  • CHECK – system monitoring and audit
  • ACT – improving the system

ISO 17799 and BS 7799 are widely accepted in Europe, Japan and most of Australia. ISO 17799 is tightly coupled with the BS 7799 standard, from which it was created. The ISO 17799 standard describes some new concepts in information security:

  • Confidentiality – ensures that information is accessible only to authorized persons,
  • Integrity – ensures the accuracy and completeness of information and of the ways it is processed,
  • Availability – ensures that information is available when needed.

© 2015 Nobium - All rights reserved.