A Study on Comparative Analysis of the Information Security Management Systems
Due to the advance of mobile network, E-commerce, Open Networks, and Internet Banking, Information Security Management System (ISMS) is used to manage information of their customer and themselves by a government or a business organization . The best known ISMSs are BS7799/ISO17799, Common Criteria, which are international standard. And some nations use their own ISMS, e.g., DITSCAP of USA, IT Baseline Protection Manual of Germany, ISMS of Japan. The paper explains the existed ISMSs and presents a comparative analysis on difference among ISMSs. The discussion deals with different aspects of types of the ISMSs: analysis on the present condition of the ISMSs, certification structure, and certification evaluation process. The study contribute so that a government or a business organization is able to refer to improve information security level of the organizations. The case study can also provide a business organization with an easy method for building ISMS.
KeywordsInformation Security Management System(ISMS) Information Security Evaluation Information Security Check Information Security Evaluation Process
Unable to display preview. Download preview PDF.
- 1.International Standard ISO/IEC 15408, Common Methodology for Information Technology Security Evaluation,Version 3.1, 2006.10Google Scholar
- 2.International Standard ISO/IEC 15408, Common Criteria for Information Technology Security Envluation, Part1,Version 3.1, 2006.10Google Scholar
- 3.International Standard ISO/IEC 15408, Common Criteria for Information Technology Security Envluation, Part2,Version 3.1, 2006.10Google Scholar
- 4.International Standard ISO/IEC 15408, Common Criteria for Information Technology Security Envluation, Part2,Version 3.1, 2006.10Google Scholar
- 5.Japan Information processing development corporation, JIS Q 27001 (ISO/IEC 27001:2005) Information security management sytem conformity assessment scheme (2006)Google Scholar
- 7.BSI, BS7799 Part 2: Code of Practice for Information Security Management, British Standards Institute (1999)Google Scholar
- 8.ISO, International Standards ISO/IEC 27001, Information technology Security techniques-Information security management systems-requirements (2005)Google Scholar
- 10.IT Baseline Protection Manual (2004)Google Scholar
- 11.IT Baseline protection Manual Layer model, http://www.bsi.bund.de/english/gshb/manual/schichtenmodell.htm
- 12.DoD 5810.1-M: DITSCAP Applicatio Manual (2001)Google Scholar
- 13.Valletta, A.M.: DoD Instruction (1997)Google Scholar
- 14.DoD Information Assurance, http://www.ati4it.com/DOD