DocumentCode :
617566
Title :
A practical implementation of ISMS
Author :
Asosheh, Abbas ; Hajinazari, Parvaneh ; Khodkari, Hourieh
Author_Institution :
Fac. of Eng., Tarbiat Modares Univ., Tehran, Iran
fYear :
2013
fDate :
17-18 April 2013
Firstpage :
1
Lastpage :
17
Abstract :
Nowadays, access to reliable information has become an essential factor leading to success in business. In this regard, adequate security of information and of the systems that process it is critical to the operation of all organizations. Organizations must therefore understand and improve the current status of their information security in order to ensure business continuity and increase the rate of return on investments. Since information security has a very important role in supporting the activities of the organization, a standard or benchmark is needed to regulate governance over information security. Hence, this paper discusses some Information Security Management System (ISMS) standards in order to determine their strengths and challenges. Then, based on the most appropriate standards in the field, a method is proposed that allows information technology-related or information technology-based enterprises to implement their ISMS. This method helps identify critical assets and the related threats and vulnerabilities, assess asset risks, and provide the necessary risk treatment plans. The proposed method makes it possible to establish an information security management system in a structured way in IT-related large-scale enterprises.
Keywords :
business continuity; electronic commerce; information systems; investment; organisational aspects; risk management; security of data; ISMS; asset risk assessment; business continuity; critical asset identification; governance regulation; information security management system standards; information technology-based enterprises; information technology-related enterprises; return-on-investments; risk treatment plans; threat identification; vulnerability identification; IEC standards; ISO standards; Information security; Organizations; Standards organizations; ISMS; ISO/IEC 27000 series; Information Security; Risk Assessment;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
e-Commerce in Developing Countries: With Focus on e-Security (ECDC), 2013 7th International Conference on
Conference_Location :
Kish Island
Print_ISBN :
978-1-4799-0394-8
Type :
conf
DOI :
10.1109/ECDC.2013.6556730
Filename :
6556730