ISMS: A Management Framework for Information Security

Reference work entry

Synonyms

Information security management system; ISO/IEC 27001

Definition

An ISMS (information security management system) is that part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security.

Background

The first published standard for an ISMS appeared in 1998 as British Standard (BS) 7799 Part 2. BS 7799 Part 2 was based on the idea of providing a management system for applying the information security controls contained in BS 7799 Part 1. After UK-internal revisions, both standards were taken up by ISO because of the large international interest they had generated.

After further improvements to these standards during the ISO revision process, the revised version of BS 7799 Part 2 was published in 2005 as [ISO/IEC 27001], and the revised BS 7799 Part 1 as [ISO/IEC 27002]. Since then, both standards have been widely applied by many organizations...


Recommended Reading

  1. ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements
  2. ISO/IEC 27002:2005, Information technology – Security techniques – Code of practice for information security management
  3. ISO/IEC 27005:2008, Information technology – Security techniques – Information security risk management
  4. ISO/IEC 27000:2009, Information technology – Security techniques – Information security management systems – Overview and vocabulary


Copyright information

© 2011 Springer Science+Business Media, LLC

Cite this entry

Plate, A. (2011). ISMS: A Management Framework for Information Security. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_289
