.

Monday, February 24, 2020

Information Systems Management Essay Example | Topics and Well Written Essays - 2000 words

Information Systems Management - Essay Example Originally BS 7799 had the status of a Code of Practice. However, in April 1999, it became a formal two part standard. Part 1 (the original Code of Practice)  of the revised BS7799 standard was re-titled "Code of Practice for Information Security Management" and provides guidance on best practices in information security management.   Part 2, titled "Specification for Information Security Management Systems", forms the standard against which an organisations own security management systems were to be assessed and certified. In 1993 UK-DTI in collaboration of a number of UK based companies introduced the ISM Code of Practice incorporating the best information security practices in use like the computer data, written spoken or microfiche. The primary goal of the Code of Practice was to provide a common basis for organisations to develop, implement and measure effective information security management practice. Also the aim was to provide confidence in inter-organisational dealings i.e registry/ registrar interactions. In 1999, when the COP was fragmented in two parts BS7799 Part 1 which is now ISO/IEC 17799: 2000 incorporates good security practice with 127 security guidelines which can be drilled over to provide 600 other controls. While the BS 7799 Part 2 is a framework for the ISMS, a means by which senior management monitor can control their security, minimize the risks and ensure compliance. Then the third part BS 7799 Part 3 was published in the year 2005 covering risk analysis and management. 5) Physical and Environmental Security physical aspects of security including protection of equipment and information from physical harm, as well as physical control of access to information and equipment To be effective it should be clearly supported by senior management. Specific policies and procedures within the Information Security Management System (ISMS) must be consistent

No comments:

Post a Comment