- Article name
- Methods of assets determination for ISMS implementation and certification in accordance with the requirements GOST R ISO/IEC 27001-2006 and STO Gazprom series 4.2
- Authors
- Livshits I. I., Livshitz.il@yandex.ru, LLC "GasInformService", St.-Petersburg, Russia
- Keywords
- IT-security / information security management system / information security providing system / object of protection / audit / IT-security controls / PDCA cycle / risk management
- Year
- 2015, Issue 4, Pages 43-51
- Code EDN
- Code DOI
- Abstract
- This publication briefly discusses current challenges in the implementation and certification of IT-security management systems (ISMS) in accordance with the requirements of both the GOST R ISO/IEC 27001 series of standards and the industry IT-security standards of the STO Gazprom series 4.2 (STO). It proposes a systematic approach to developing models and methods for detecting, identifying and classifying threats of IT-security violation in order to protect various objects. The focus is on the difficulty of combining the requirements of two different standardization systems (GOST R ISO/IEC and STO), which can hinder the correct identification and valuation of assets for the defined scope, risk management in the ISMS, and the planning and successful conduct of the certification audit. It is therefore important to concentrate experts' efforts on preparing accurate models and methods that support internal audit and effective "monitoring" of the state of objects under the influence of threats. The paper addresses a technique for defining assets that meets the requirements of both IT-security standardization systems and allows successful ISMS certification to be ensured. It also considers the asset management requirements of the new version of the standard, ISO 27001:2013.