Implementation of information security management system in organization

Vitalii Bezshtanko, Oleksandr Makarevych

Abstract


The main objective of paper is the elaboration a common project of implementation information security management systems (ISMS) for organizations. For this, the steps of construction ISMS have been described in accordance with the rules and guidelines of the project management. Thus, in paper, the defined benefits were received by the company as a result of the implementation of an ISMS. The scope management plan of ISMS was prepared and described. Also, in the work the objectives and tasks of project were identified. The plan for the project time management was suggested. The necessary human resources were defined and plan by for their use was designed. The plan of the communications management between stakeholders and participants was compiled in the project. An algorithm for determining the project cost was proposed. The criteria assessment the quality of the project of implementation ISMS is proposed. The mechanism for monitoring these criteria is developed. The algorithm of risks assessment of the project is defined. The process of the project ending is described. Taking into account the objective of the work, it’s creating “a common project for any system...” but it was not possible to finish all phases of the project. Using the project as an example will help to understand what the head of the organization needs to do for the successful building ISMS.


Keywords


Information security; information security management; information security management system; project management; implementation.

Full Text:

PDF

References


International Organization for Standardization. 2013. ISO/IEC 27001, Information technology. Security techniques. Information security management. Requirements.

Bundesamt für Sicherheit in der Informationstechnik. 2008. BSI-Standart 100-2, IT – Grundschutz Methodology. [Online]. Available: https://www.bsi.bund.de/EN/ Topics/ITGrundschutz/ itgrundschutz_node.html. Accessed on: March, 2, 2016.

“NIST Special Publication”. [Online]. Available: http://csrc.nist.gov/publications/ PubsSPs.html #SP 800. Accessed on: March, 2, 2016.

A Guide to the Project Management Body of Knowledge (PMBOK® Guide). Philadelphia, Pennsylvania, USA: Project Management Institute, 2013.




ISSN 2411-1031 (Print), ISSN 2518-1033 (Online)