Server Administration
  Home arrow Server Administration arrow Page 4 - Implementing an Information Security M...
Codewalker Forums 
  Tutorials  
Database Articles  
Miscellaneous  
Navigation Usability  
PEAR Articles  
Programming Basics  
Server Administration  
XML Tutorials  
  Reviews  
Database Book Reviews  
Linux Book Reviews  
Miscellaneous Reviews  
PHP Book Reviews  
PHP Software Reviews  
Server Admin Reviews  
SQL Tool Reviews  
  Code Gallery  
Content Management Code  
Contest Code  
Counters Code  
Database Code  
Date Time Code  
Discussion Board Code  
Email Code  
File Manipulation Code  
GUI Code  
Link Farm Code  
Miscellaneous Code  
Search Code  
Site Navigation Code  
User Management Code  
Mobile Linux 
App Generation ROI 
IBM® developerWorks 
Download TestComplete 
Forums Sitemap 
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
SERVER ADMINISTRATION

Implementing an Information Security Management System
By: Bruce Coker
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: 5 stars5 stars5 stars5 stars5 stars / 1
    2008-09-03

    Table of Contents:
  • Implementing an Information Security Management System
  • Planning your ISMS
  • The anatomy of an ISMS
  • Implementation
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    Implementing an Information Security Management System - Implementation
    (Page 4 of 4 )

    Once the planning and structuring phases have been completed successfully, implementation is primarily a matter of setting in train the required actions, and monitoring them to ensure they are being carried out as specified. Since the responsible teams and individuals will have been identified, all parties should understand their roles and be in a state of readiness to move forward when the time for implementation arrives.

    To support this, a second strand to implementation is often the provision of training and awareness programs to bring people up to speed with the implications of the ISMS. This will include validating and distributing documentation relating to the project, conducting sessions to make people aware of their responsibilities, and any technical training required to ensure the successful implementation of specific aspects of the system, for example a migration to new software or the development of a new firewall.

    Certification

    In many cases, certification will be a key goal of the ISMS. When this is so, the selection of an appropriate certifying body becomes a decision of key importance. Close integration is necessary between the organization seeking certification and the one providing it. The applicant organization must be prepared to expose its inner workings to the assessors, including potentially sensitive data and every aspect of how it conducts its business. It must, therefore, be able to establish a strong relationship of trust with the certifying body. For this reason it is recommended that as many potential certification candidates as practical are considered.

    Certification in itself doesn't require any steps other than those necessary to implement the ISMS. When implementation is complete, assessors will thoroughly examine the system against the ISO/IEC 27001 standard. The certification process consists of the following six steps:


    1. Primary audit, during which the assessors will thoroughly examine all the ISMS documentation.

    2. Actions and modifications resulting from the primary audit.

    3. Secondary audit. This is carried out on site, and involves a thorough examination of the implementation of the documented ISMS.

    4. Post-audit corrections.

    5. Issuing of certification.

    6. Follow up to ensure continued compliance.


    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.


     
    >>> Be the FIRST to comment on this article!

    SERVER ADMINISTRATION ARTICLES

    - Processes in the UNIX Shell
    - Migrating from Windows to Wine
    - Wine: Not Another Emulator
    - Preventive Measures to Block SSH Attacks
    - Monitoring Temperatures with Cacti
    - Cacti: RRDTool-based Graphing Solution
    - Network Magic 5.0 Review
    - Netfilter and Iptables Overview
    - Installing and Configuring Squid
    - Clickfree PC Backup Systems Compared
    - Squid, the Caching Proxy
    - Regular Expressions in the Unix Shell
    - Source Code Version Control Solutions
    - OTRS: Open Source Ticket Request System
    - Clonezilla: Free Mass Disk-Cloning Utility
    Find More Server Administration Articles




    © 2003-2009 by Developer Shed. All rights reserved. DS Cluster 6 Hosted by Hostway
    For more Enterprise Application Development news, visit eWeek