Saturday, 1 November 2014

INFORMATION SECURITY

INFORMATION SECURITY MANAGEMENT SYSTEM

An information security management system (ISMS) is, as the name suggests, a set of policies for managing information security. The term is mainly associated with ISO/IEC 27001, although it is not the only standard that uses this term or concept.

An ISMS is the means by which an organization designs, implements and maintains a set of processes to manage access to information efficiently, seeking to ensure the confidentiality, integrity and availability of information assets while minimizing information security risk.

Like any management process, an ISMS must remain effective over time, adapting to internal changes in the organization and to changes in the external environment.



INFORMATION SECURITY DEFINITION

Information security is the set of preventive and reactive organizational and technological measures that safeguard and protect information, seeking to maintain its confidentiality, availability and integrity.
The concept of information security should not be confused with computer security, since the latter deals only with security in the IT environment, whereas information can be found in many media and forms, not just in information technology.
For the individual, information security has a significant effect on privacy, which can take on different dimensions depending on the culture.
The field of information security has grown and evolved significantly since World War II, becoming an accredited global career. It offers many areas of specialization, including information systems auditing, business continuity planning, digital forensics and the administration of security management systems, among others.



IMPLEMENTATION 

Implementing ISO/IEC 27001 in an organization is a project that usually lasts between 6 and 12 months, depending on the organization's level of maturity in information security and on the scope, meaning the area of the organization that will be covered by the information security management system. In general, the help of external consultants is recommended.

Organizations that have previously and rigorously adapted their information systems and work processes to the demands of legal data protection regulations (in Spain, for example, the LOPD and its implementing rules, the most important being Royal Decree 1720/2007 of 21 December, which develops the Organic Law on Data Protection), or that have taken a progressive approach to information security by implementing the best practices of ISO/IEC 27002, will be in a more advantageous position when implementing ISO/IEC 27001.

The implementation project team should consist of representatives from all areas of the organization affected by the ISMS, led by management and advised by external consultants who generally specialize in computing or computer security engineering, new-technology law, data protection and information security management systems (having completed an ISMS implementer course).

CERTIFICATION 

Certification of an ISMS is a process by which an external, independent and accredited certification body audits the system, determining its compliance with ISO/IEC 27001, the degree to which it is actually implemented and its effectiveness, and, if appropriate, issues the corresponding certificate.
Before the publication of the ISO 27001 standard, interested organizations were certified against the British Standard BS 7799-2.
Since late 2005, organizations have been able to obtain ISO/IEC 27001 certification, either as their first certification or at their triennial recertification, since BS 7799-2 certification has been replaced.
Annex C of the standard shows the correspondence between the information security management system (ISMS) and the quality management system of ISO 9001:2000 and the environmental management system of ISO 14001:2004 (see ISO 14000), to the point that an organization can be certified against several standards on the basis of a common management system.


IMPLEMENTATION OF AN ISMS

In our experience, the essential points to consider for a successful ISMS implementation, whenever an ISMS consulting project is started, are:
- The scope of the ISMS and the time it requires.
- The full commitment and involvement of management in the project from start to finish.
- The desired security level, and the size and complexity of the organization.

IMPLEMENTATION PROCESS 

This International Standard adopts the PDCA continuous improvement model (Plan, Do, Check, Act), applied to the whole structure of the ISMS processes. The PDCA model holds that designing and implementing the ISMS is not enough; its periodic review and its continuous updating and improvement must be ensured, leaving each organization free to use the tools it considers appropriate to measure and control the improvement of the system.
Fundamentally, an ISMS should identify the objectives and scope of the system and the business processes that are critical for the organization.