A Study on Comparative Analysis of the Information Security Management Systems

  • Heasuk Jo
  • Seungjoo Kim
  • Dongho Won
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6019)

Abstract

Due to the advance of mobile networks, e-commerce, open networks, and Internet banking, an Information Security Management System (ISMS) is used by government and business organizations to manage their own information and that of their customers. The best known ISMSs are BS7799/ISO17799 and the Common Criteria, which are international standards. Some nations also use their own ISMSs, e.g., DITSCAP in the USA, the IT Baseline Protection Manual in Germany, and the ISMS of Japan. This paper describes the existing ISMSs and presents a comparative analysis of the differences among them. The discussion covers several aspects of the ISMSs: an analysis of their present condition, their certification structure, and their certification evaluation process. The study is intended as a reference that government and business organizations can use to improve their information security level, and the case study can also provide a business organization with an easy method for building an ISMS.

Keywords

Information Security Management System (ISMS), Information Security Evaluation, Information Security Check, Information Security Evaluation Process



Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Heasuk Jo (1)
  • Seungjoo Kim (1)
  • Dongho Won (1)
  1. Information Security Group, School of Information and Communication Engineering, Sungkyunkwan University, Suwon, Republic of Korea
