A Practical Implementation of ISMS

Year of publication: 1392
Document type: Conference paper
Language: English

The file of this paper is available as a 16-page PDF.

National scientific document ID:

ECDC07_063

Indexing date: 9 Tir 1392

Abstract:

Nowadays, access to reliable information has become an essential factor leading to success in business. In this regard, adequate security of information and the systems that process it is critical to the operation of all organizations. Therefore, organizations must understand and improve the current status of their information security in order to ensure business continuity and increase the rate of return on investments. Since information security has a very important role in supporting the activities of the organization, a standard or benchmark that regulates governance over information security is needed. Hence, this paper discusses some Information Security Management System (ISMS) standards in order to determine their strengths and challenges. Then, based on the most appropriate standards in the field, a method is proposed to allow information technology-related or IT-based enterprises to implement their ISMS. This method helps in identifying critical assets and the related threats and vulnerabilities, assessing asset risks, and providing the necessary risk treatment plans. The proposed method makes it possible to establish an information security management system in a structured way in IT-related large-scale enterprises.

Authors

Abbass Asosheh

Tarbiat Modares University, Tehran, Iran

Parvaneh Hajinazari

Tarbiat Modares University, Tehran, Iran

Hourieh Khodkari

University of Tehran, Tehran, Iran
