Implementing an Information Security Management System
By: Bruce Coker
    2008-09-03

    Table of Contents:
  • Implementing an Information Security Management System
  • Planning your ISMS
  • The anatomy of an ISMS
  • Implementation

    Implementing an Information Security Management System - Planning your ISMS

    (Page 2 of 4)

    The thoroughness of the planning phase is vital to the ultimate effectiveness of the ISMS itself. A realistic and detailed plan should be prepared and agreed to, against which performance should be measured at every step of the implementation. This will ensure the process remains on track and that the ISMS ultimately addresses the required issues. The plan should also be open to review and reassessment in the light of experience. This will help ensure it retains the flexibility needed to meet the continuously changing requirements of most organizations.

    It is essential to ensure management involvement and commitment at, or preferably before, the planning phase. This will be critical for later success, as decision makers will be involved not only in financing the ISMS but also in playing a key ongoing role in its implementation. Involving management from an early stage will help to ensure that adequate resources are made available for the development of the ISMS.

    It will also help to involve all related departments in the ISMS process. It is a common misconception that information security is the sole preserve of the IT department, whereas in fact it usually has implications throughout an organization. For example, HR departments will often have a critical role in spreading awareness of the ISMS, while those responsible for the physical security of the building will be involved with issues such as physical access control and the relocation of assets. At a more fundamental level, every individual who uses the IT infrastructure will be affected in some way by the ISMS.

    Knowledge may already exist within an organization that has relevance to ISMS implementation. For example, there may be an existing quality management system (QMS). Where this is the case, relevant skills, knowledge and experience should be leveraged to ease the implementation process and reduce its cost.

    The final major aspect of the planning phase is getting to grips with the standards and processes involved. This means the new system's owners familiarizing themselves with documentation such as the International Organization for Standardization's ISO/IEC 27000 series and the Information Security Forum's Standard of Good Practice. If certification is the goal, it is highly desirable to consult a variety of certifying bodies and identify the one with which the applicant organization will work, and to become thoroughly familiar with the technical and procedural requirements for certification.

    © 2003-2009 by Developer Shed. All rights reserved. DS Cluster 2 Hosted by Hostway