Implementation of information security management system in organization
DOI:
https://doi.org/10.20535/2411-1031.2016.4.1.95933
Keywords:
Information security, information security management, information security management system, project management, implementation.
Abstract
The main objective of the paper is to elaborate a common project for implementing an information security management system (ISMS) in organizations. To this end, the steps of building an ISMS are described in accordance with the rules and guidelines of project management. The paper defines the benefits a company receives as a result of implementing an ISMS. The scope management plan of the ISMS is prepared and described, and the objectives and tasks of the project are identified. A plan for project time management is suggested. The necessary human resources are defined and a plan for their use is designed. A plan for communications management between the stakeholders and participants of the project is compiled. An algorithm for determining the project cost is proposed. Criteria for assessing the quality of the ISMS implementation project are proposed, and a mechanism for monitoring these criteria is developed. An algorithm for assessing the project risks is defined. The process of closing the project is described. Given that the objective of the work is to create “a common project for any system...”, it was not possible to finish all phases of the project. Using the project as an example will help the head of an organization understand what needs to be done to build an ISMS successfully.
License
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.