Abstract
Due to the advance of mobile network, E-commerce, Open Networks, and Internet Banking, Information Security Management System (ISMS) is used to manage information of their customer and themselves by a government or a business organization . The best known ISMSs are BS7799/ISO17799, Common Criteria, which are international standard. And some nations use their own ISMS, e.g., DITSCAP of USA, IT Baseline Protection Manual of Germany, ISMS of Japan. The paper explains the existed ISMSs and presents a comparative analysis on difference among ISMSs. The discussion deals with different aspects of types of the ISMSs: analysis on the present condition of the ISMSs, certification structure, and certification evaluation process. The study contribute so that a government or a business organization is able to refer to improve information security level of the organizations. The case study can also provide a business organization with an easy method for building ISMS.
This research was supported by the Ministry of Knowledge Economy, Korea, under the ITRC(Information Technology Research Center) support program supervised by the IITA(Institute of Information Technology Advancement) (IITA-2009-(C1090-0902-0016)).
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
International Standard ISO/IEC 15408, Common Methodology for Information Technology Security Evaluation,Version 3.1, 2006.10
International Standard ISO/IEC 15408, Common Criteria for Information Technology Security Envluation, Part1,Version 3.1, 2006.10
International Standard ISO/IEC 15408, Common Criteria for Information Technology Security Envluation, Part2,Version 3.1, 2006.10
International Standard ISO/IEC 15408, Common Criteria for Information Technology Security Envluation, Part2,Version 3.1, 2006.10
Japan Information processing development corporation, JIS Q 27001 (ISO/IEC 27001:2005) Information security management sytem conformity assessment scheme (2006)
BSI, BS7799 Part 2: Code of Practice for Information Security Management, British Standards Institute (1999)
ISO, International Standards ISO/IEC 27001, Information technology Security techniques-Information security management systems-requirements (2005)
IT Baseline Protection Manual (2004)
IT Baseline protection Manual Layer model, http://www.bsi.bund.de/english/gshb/manual/schichtenmodell.htm
DoD 5810.1-M: DITSCAP Applicatio Manual (2001)
Valletta, A.M.: DoD Instruction (1997)
DoD Information Assurance, http://www.ati4it.com/DOD
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Jo, H., Kim, S., Won, D. (2010). A Study on Comparative Analysis of the Information Security Management Systems. In: Taniar, D., Gervasi, O., Murgante, B., Pardede, E., Apduhan, B.O. (eds) Computational Science and Its Applications – ICCSA 2010. ICCSA 2010. Lecture Notes in Computer Science, vol 6019. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-12189-0_44
Download citation
DOI: https://doi.org/10.1007/978-3-642-12189-0_44
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-12188-3
Online ISBN: 978-3-642-12189-0
eBook Packages: Computer ScienceComputer Science (R0)