ISO 27000 Information Security Management System

2010 ◽  
pp. 28-40
Author(s):  
Carrison K.S. Tong ◽  
Eric T.T. Wong
Keyword(s):  
Information Security ◽  
Management System ◽  
Security Management ◽  
Healthcare Organization ◽  
Information Security Management ◽  
International Standard ◽  
Information Security Management System

The protection of information for a healthcare organization, in any form, while in storage, processing, or transport, from being available to any organization or person that is neither authorized by its owner to have it nor for patient caring, is the objective of information security management in healthcare. There are many standards on information security management. The international standard for information security management is ISO 27000. The objective of this chapter is to provide an introduction of ISO 27000 and its application in PACS.

scholarly journals Advanced Approach to Information Security Management System Model for Industrial Control System

2014 ◽  
Vol 2014 ◽  
pp. 1-13 ◽  
Author(s):  
Sanghyun Park ◽  
Kyungho Lee
Keyword(s):  
Information Security ◽  
Management System ◽  
Security Management ◽  
General Information ◽  
Sensitive Information ◽  
New Paradigm ◽  
Industrial Control ◽  
Information Security Management ◽  
International Standard ◽  
Information Security Management System

Organizations make use of important information in day-to-day business. Protecting sensitive information is imperative and must be managed. Companies in many parts of the world protect sensitive information using the international standard known as the information security management system (ISMS). ISO 27000 series is the international standard ISMS used to protect confidentiality, integrity, and availability of sensitive information. While an ISMS based on ISO 27000 series has no particular flaws for general information systems, it is unfit to manage sensitive information for industrial control systems (ICSs) because the first priority of industrial control is safety of the system. Therefore, a new information security management system based on confidentiality, integrity, and availability as well as safety is required for ICSs. This new ISMS must be mutually exclusive of an ICS. This paper provides a new paradigm of ISMS for ICSs, which will be shown to be more suitable than the existing ISMS.

Implementation of Information Security Management System (ISMS)

2010 ◽  
pp. 53-70
Author(s):  
Carrison K.S. Tong ◽  
Eric T.T. Wong
Keyword(s):  
Information Security ◽  
Management System ◽  
Security Management ◽  
Healthcare Organization ◽  
Business Culture ◽  
Positive Contribution ◽  
Information Security Management ◽  
Information Security Management System ◽  
Risk Approach ◽  
Iec 27001

Fundamental to ISO 27000 (ISO/IEC 27001:2005, 2005) is the concept of an information security management system (ISMS). The information security management system (ISMS) is the part of the overall management system, which is based on a business risk approach, to establish, implement, operate, monitor, maintain, and improve information security. The management system includes organization, structure and policies, planning activities, responsibilities, practices, procedures, processes, and resources. For the management of information security, its scope, administration and resources will depend on the size of the healthcare organization and information resources in question. The ISMS should be effective if it is to be useful to the organization. Information security should be an integral part of the healthcare organization’s operating and business culture. Information security is primarily a management issue, rather than a technical issue, although one should not ignore the technical problems especially given the widespread dependence on the use of IT. Information security management is not a one-off exercise, but should be seen as an ongoing activity of continual improvement. Well-managed information security is a business enabler. No organization can operate successfully in today’s world without information security. A well chosen management system of controls for information security, properly implemented and used, will make a positive contribution to the success of the healthcare organization, not just a cost against the bottom line.

A pattern-based method for establishing a cloud-specific information security management system

2013 ◽  
Vol 18 (4) ◽  
pp. 343-395 ◽  
Author(s):  
Kristian Beckers ◽  
Isabelle Côté ◽  
Stephan Faßbender ◽  
Maritta Heisel ◽  
Stefan Hofbauer
Keyword(s):  
Information Security ◽  
Management System ◽  
Security Management ◽  
Specific Information ◽  
Information Security Management ◽  
Information Security Management System

scholarly journals Analisis Sistem Manajemen Keamanan Informasi Menggunakan ISO/IEC 27001 : 2013 Serta Rekomendasi Model Sistem Menggunakan Data Flow Diagram pada Direktorat Sistem Informasi Perguruan Tinggi

2016 ◽  
Vol 6 (1) ◽  
pp. 38
Author(s):  
Yuni Cintia Yuze ◽  
Yudi Priyadi ◽  
Candiwan .
Keyword(s):  
Information Security ◽  
Asset Management ◽  
Management System ◽  
Security Management ◽  
Maturity Level ◽  
Information Security Management ◽  
Capability Maturity ◽  
Information Security Management System ◽  
Level 3 ◽  
Iec 27001

The importance of information and the possible risk of disruption, therefore the universities need to designed and implemented of the information security.  One of the standards that can be used to analyze the level of information security in the organization is ISO/IEC 27001 : 2013 and this standard has been prepared to provide requirements for establishing, implementing, maintaining and continually improving an information security management system. The objective of this research is to measure the level of information security based on standard ISO/IEC 27001: 2013 and modeling systems for information security management. This research uses descriptive qualitative approach, data collection and validation techniques with tringulasi (interview, observation and documentation). Data was analyzed using gap analysis and to measure the level of maturity this research uses SSE-CMM (Systems Security Engineering Capability Maturity Model). Based on the research results, Maturity level clause Information Security Policy reaches level 1 (Performed-Informally), clause Asset Management reaches level 3 (Well-Defined), clause Access Control reaches level 3 (Well-Defined), clause Physical and Environmental Security reaches level 3 (Well-Defined), clause Operational Security reaches level 3 (Well-Defined), Communication Security clause reaches the level 2 (Planned and Tracked). Based on the results of maturity level discovery of some weakness in asset management in implementing the policy. Therefore, the modeling system using the flow map and CD / DFD focused on Asset Management System.

scholarly journals The effectiveness of the Centralized Use of Digital Technologies, Information Resources and Information Protection Tools in Government by the Example of the Republic of Tyva

2020 ◽  
Vol 23 (6) ◽  
pp. 99-114
Author(s):  
B. S. Dongak ◽  
A. S. Shatohin ◽  
R. V. Meshcheryakov
Keyword(s):  
Risk Management ◽  
Information Security ◽  
Management System ◽  
Economic Effect ◽  
Security Management ◽  
Information Resources ◽  
Information Protection ◽  
Information Security Management ◽  
Information Security Management System ◽  
Software And Hardware

Purpose of research. The purpose of this study is to assess the possibility of applying the methodology for centralized management of systems and information risks using the example of informatization of public departments of Republic of Tyva in order to optimize the cost of purchasing technical, software and hardware-software means of protecting information, as well as the payroll of maintenance technical personnel.Methods. One of the main research methods is the creation of an experimental model of the mechanism of a single information and computing network, combining various government departments located within the same administrative building, which allows working simultaneously with distributed or centralized applications, databases and other services, as well as centralized information risk management security. The next research method is the analysis and study of the principle of operation of information resources, information systems, databases, and the increase in the number of domain users if they are combined into a single data transfer network. The interaction and effectiveness of personnel, a specialized unit based on one government agency, ensuring the regular functioning of the network and the necessary level of information security for all government departments.Results. As a result, an economic effect is achieved by eliminating the acquisition of duplicate software and hardware information protection, increasing the efficiency of using unified information services, and creating a centralized structural unit that uses risk management tools and makes information security management decisions based on the principles of system analysis , structuring method and expert survey methods. The results of the study have been used in solving problems of improving the information security management system of the authorities of Republic of Tyva.Conclusion. We have developed the original information technology architecture of the information security management system and centralized use of information technologies for the government of Republic of Tyva. The distinctive features of the structure of software tools for the centralized approach are the multi-agent implementation of the control elements of the decision support system and the integration of various types of security management models into a single complex. 

Sign in / Sign up

Export Citation Format

Share Document