Information Security Management Systems - Essay Example

Summary
The paper "Information Security Management Systems" presents different aspects or elements of information security management systems as well as the standards related to them. Information security refers to the maintenance of the integrity, confidentiality, and availability of information…
Extract of sample "Information Security Management Systems"

Information Security Management Systems Architecture and the Related Standards

Table of Contents
Introduction
Information Security Management Systems
ISMS Implementation
Architecture of Information Security Management Systems
Plan
Do
Check
Act
Related Standards
Conclusion
Bibliography

Introduction

Information security refers to the maintenance of the integrity, confidentiality and availability of information. An information security management system (ISMS) is a structure for coordinating and managing the activities that control and direct the preservation of the integrity, confidentiality and availability of information; in other words, an ISMS is the means by which information security is implemented. The ISMS is an organized approach to handling sensitive business data and information so that it remains secure, and it encompasses the organization's processes, people and systems. The ISMS also covers the entire set of business procedures or activities that are designed to provide and examine particular aspects of information security. Thus an ISMS can be seen as an instance of applying the management-system conceptual model to the domain of business or corporate information security (Carlson, 2009; Eloff & Eloff, 2003). This paper presents different aspects or elements of information security management systems as well as the standards related to them.

Information Security Management Systems

Information security management is a technique intended to secure corporate and business information assets in whatever format the information takes. The basic goal of this technique is to provide business stability, reduce risks to acceptable levels, increase the return on business investments and create corporate opportunities.

In addition, the ISMS is a business process whose purpose is to identify the controls that need to be implemented, established, reviewed, monitored and improved where necessary, so that the business and security objectives of the organization are met. International security management standards such as ISO 27001 are used to develop such a system, and they recognize an ISMS as being both a structure and a process life cycle (Intertek Group plc., 2007; Carlson, 2009; Krause & Tipton, n.d.).

ISMS Implementation

Business or corporate managers plan and implement this kind of program at the operational level. In this scenario the ISMS provides the means to generate standardized requirements and methodologies that are based on organizational standards and processes. Managers contribute to the ISMS through the integration of process, people and technology in response to these organizational directives. At the enterprise level the ISMS acts as a minimum enterprise information security baseline, developed in direct response to the enterprise information security risk addressed by upper management (Carlson, 2009; Eloff & Eloff, 2003).

Architecture of Information Security Management Systems

This section presents the architecture of an ISMS in the form of its overall life cycle. An ISMS is usually a risk-based and process-oriented arrangement of activities. There can be several layers of abstraction, involving different audiences whose concerns have to be addressed. For this reason the ISO 27001 standard recommends a process-based approach comprising the stages Plan, Do, Check and Act. These stages are explained in detail below (Fiedler, 2009; Carlson, 2009).

Figure 1: ISMS Architecture (Source: Carlson, 2009)

Plan

At this stage of an ISMS implementation at an enterprise we establish the ISMS plan. To establish the plan we first understand the environment and assess the main, priority-based enterprise risks. We then develop a charter for the information security program that is aimed at analyzing the program risk (Fiedler, 2009; Carlson, 2009).

Do

At this stage of the ISMS implementation the ISMS is put into operation. We develop the enterprise information security baseline, which determines the extent of the security aspects we are going to implement, and then create domain-specific implementations of the new technology-based structure (Fiedler, 2009; Carlson, 2009).

Check

The third stage of the ISMS implementation encompasses two major processes: monitoring and reviewing the ISMS. Here the aim is to assess the operational risk to corporate information and data (Fiedler, 2009; Carlson, 2009).

Act

The final stage of the ISMS implementation includes the major activities of developing and maintaining the ISMS. Here we measure and monitor the main security concerns of the corporation as a whole (Fiedler, 2009; Carlson, 2009).

Related Standards

This section analyzes some of the main standards related to the ISMS that are accepted and implemented internationally to manage information security issues effectively. A standards-based ISMS provides additional defensibility through third-party validation, such as certification to ISO 27001, the international information security management standard. This is the main defensibility standard that works well for the customer or for a source of information. Deciding to do business with an externally validated partner is therefore a reasonable decision. A risk-based ISMS standard such as ISO 27001 helps the company identify risk on the basis of informed decision making. This capability to recognize business risks enables businesses to respond to their own corporate environment rather than to someone else's interpretation of their situation. The management-system idea is being applied across many new disciplines. By adopting the ISO 27001 standard, information security management systems have achieved a superior reputation and have become a basic need for business security and information presentation (Carlson, 2009; Fiedler, 2009; Intertek Group plc., 2007).

Conclusion

An ISMS is a system used to implement information security. This paper has presented a detailed analysis of information security management systems and has outlined some of the main aspects of the ISMS architecture and its related standards. An ISMS helps an organization manage its information security risks. It also helps establish the framework for regulatory compliance and integrates process, people and technology efficiently and credibly.

Bibliography

Carlson, T. (2009). Understanding Information Security Management Systems. Auerbach Publications.
Eloff, J. H., & Eloff, M. (2003). Information security management: a new paradigm. In Proceedings of the 2003 Annual Research Conference of the South African Institute of Computer Scientists and Information Technologists on Enablement through Technology (SAICSIT, Vol. 47, pp. 130-136). South African Institute for Computer Scientists and Information Technologists, Republic of South Africa.
Fiedler, A. E. (2009). The Information Security Management System. Retrieved April 29, 2010, from Northwest Controlling Corporation Ltd.: http://www.noweco.com/wp_ismse.htm
Intertek Group plc. (2007). Information Security Management Systems: ISO 27001. Retrieved April 29, 2010, from Intertek.com: http://www.intertek-sc.com/our_services/ISO_27001/
Krause, M., & Tipton, H. F. (n.d.). Handbook of Information Security Management. Retrieved April 29, 2010, from CRC Press LLC: http://www.ccert.edu.cn/education/cissp/hism/ewtoc.html