
Basic article information

  • Title: A process framework for information security management
  • Authors: Knut Haufe ; Knud Brandis ; Ricardo Colomo-Palacios
  • Journal: International Journal of Information Systems and Project Management
  • Print ISSN: 2182-7796
  • Electronic ISSN: 2182-7788
  • Year of publication: 2016
  • Volume: 4
  • Issue: 4
  • Pages: 27-47
  • DOI: 10.12821/ijispm040402
  • Publisher: SciKA
  • Abstract: Securing sensitive organizational data has become increasingly vital to organizations. An Information Security Management System (ISMS) is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's information security. Key elements of the operation of an ISMS are ISMS processes. However, and in spite of its importance, an ISMS process framework with a description of ISMS processes and their interaction as well as the interaction with other management processes is not available in the literature. Cost benefit analysis of information security investments regarding single measures protecting information and ISMS processes are not in the focus of current research, mostly focused on economics. This article aims to fill this research gap by proposing such an ISMS process framework as the main contribution. It is based on a set of agreed upon ISMS processes in existing standards like ISO 27000 series, COBIT and ITIL. Within the framework, identified processes are described and their interaction and interfaces are specified. This framework helps to focus on the operation of the ISMS, instead of focusing on measures and controls. By this, as a main finding, the systemic character of the ISMS consisting of processes and the perception of relevant roles of the ISMS is strengthened.
  • Keywords: information security; IT security management; ISMS; process framework.