ISO 27001 - Information Security Management Systems
About the book: Modern IT managers are confronted with an overwhelming number of management frameworks, methods and methodologies, making it difficult to see the wood for the trees. In addition, many IT service providers believe they can't be taken seriously if they don't also have a proprietary framework to offer, which makes it even more difficult to find your way through the framework forest.
Related Papers
Numerous risk analysis methodologies are currently available, and selecting a suitable one for privacy risk analysis may be a daunting task. The objective of the report was to produce an overview of existing risk analysis methodologies, a comparison of the different methodologies, and a selection of one or two methodologies as the basis for a privacy risk analysis framework in the PETweb II (Privacy-respecting Identity Management for e-Norge) project. PETweb II sets out to provide scientific support for the choice of a scheme for identity management and electronic identifiers in critical IT systems, specifically supporting: (i) the analysis of specific technical and regulatory privacy and security risks connected to the choice of an identity management approach, (ii) the development of a reference model for privacy-respecting identity management, and (iii) research and development of a simulation and modeling method for the privacy consequences of identity management systems. Dr.
There is no doubt that modern society depends heavily on information technology in nearly every facet of human activity. Organizations of all kinds are increasingly exposed to various kinds of risks, including information technology risks. Many security standards and frameworks are available to help organizations manage these risks. The question of which one is best and can address information security risks adequately warrants further investigation and research. The purpose of this research work is to highlight the challenges facing enterprises in their efforts to properly manage information security risks when adopting international standards and frameworks. To assist in selecting the best framework to use in risk management, the article presents an overview of the most popular and widely used standards. It then identifies some selection criteria and suggests an approach to proper implementation. A case study is used to demonstrate the usefulness of the new model for selecting an appropriate security model to manage information security risks.
Information is a fundamental asset within any organization, and the protection of this asset through an information security process is of equal importance. COBIT and ISO 27001 serve as reference frameworks for information security management, helping organizations assess their security risks and implement appropriate security controls. One of the most important IT areas within the COBIT framework is information security management, which covers the confidentiality, integrity and availability of resources. Since the issues raised in COBIT's information security management are the area covered by the ISO/IEC 27001 standard, the best option for meeting the information security management requirements of a COBIT infrastructure is to use the ISO/IEC 27001 standard. For the coexistence and complementary use of COBIT and ISO 27001, a mapping of COBIT processes to ISO/IEC 27001 controls is beneficial. This paper explores the role of information security within COBIT and describes a mapping approach from COBIT processes to ISO/IEC 27001 controls for information security management.
Source:
https://www.academia.edu/3905111/ISO_27001_Information_Security_Management_Systems