- Article name
- EFFECTIVENESS ASSESSMENT OF AN IMPLEMENTATION OF INFORMATION SECURITY MANAGEMENT SYSTEMS
- Authors
- Livshitz I. I., livshitz_il@hotbox.ru, LLC "GasInformService", St.-Petersburg, Russia
- Keywords
- information security (IS) / information security management system (ISMS) / management of risks / audit / metrics of IT-security / effectiveness assessment
- Year
- 2015, Issue 2, Pages 3-9
- Abstract
- This topic is relevant because of the constant attention paid to the analysis and interpretation of the results of implementing Information Security Management Systems (ISMS). The analysis of such projects usually takes into account only the minimum requirements, based on the well-known methodological framework, the ISO 27000 series of international standards. However, relying only on ISO 27001 "certification" to analyze the effectiveness of an ISMS is objectively insufficient; it additionally requires a dedicated standard, ISO 27004, which contains the rules for working with IT-security metrics. This article first reviews the current regulatory framework of the ISO 27001 series, second shows the practical application of IT-security metrics, which significantly expands the possibilities for assessing the effectiveness of the ISMS, and also gives recommendations for forming a system of IT-security metrics directly related to business requirements.