Definition
An ISMS (information security management system) is the part of the overall management system that, based on a business risk approach, serves to establish, implement, operate, monitor, review, maintain, and improve information security.
Background
The first standard for an ISMS was published in 1998 as British Standard (BS) 7799 Part 2. BS 7799 Part 2 was based on the idea of providing a management system for applying the information security controls contained in BS 7799 Part 1. After UK-internal revisions, both standards were considered by ISO because of the large interest they had generated all over the world.
After further improvements in the ISO revision process, the revised version of BS 7799 Part 2 was published in 2005 as [ISO/IEC 27001], and the revised BS 7799 Part 1 as [ISO/IEC 27002]. Since then, both standards have been frequently applied by many organizations...
Recommended Reading
ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements
ISO/IEC 27002:2005, Information technology – Security techniques – Information security management – Code of practice
ISO/IEC 27005:2005, Information technology – Security techniques – Information security risk management
ISO/IEC 27000:2008, Information technology – Security techniques – Information security management systems – Overview and vocabulary
© 2011 Springer Science+Business Media, LLC
Cite this entry
Plate, A. (2011). ISMS: A Management Framework for Information Security. In: van Tilborg, H.C.A., Jajodia, S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA. https://doi.org/10.1007/978-1-4419-5906-5_289
DOI: https://doi.org/10.1007/978-1-4419-5906-5_289
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4419-5905-8
Online ISBN: 978-1-4419-5906-5
eBook Packages: Computer Science, Reference Module Computer Science and Engineering