Systems and Network Infrastructure Integration: Design, Implementation, Safety and Supervision by Helali Saida;

Author: Helali, Saida
Language: eng
Format: epub
Publisher: John Wiley & Sons, Incorporated
Published: 2020-10-23T00:00:00+00:00


Security service    Means of security
----------------    ------------------------------
Confidentiality     Encryption techniques
Integrity           Hash functions
Availability        Redundancy, backup
Authenticity        Certificate, biometry
Nonrepudiation      Signature, electronic notary
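The Integrity and Authenticity rows of the table are easy to conflate, so the following added example (not from the book; Python standard library only, with a constructed configuration record as input) shows the difference in practice: an unkeyed hash detects modification only while the reference digest is stored where an attacker cannot replace it, whereas a keyed hash (HMAC) binds the data to the key holder. Nonrepudiation needs asymmetric signatures, which are not in the standard library and are not shown here.

```python
import hashlib
import hmac
import secrets

# Constructed sample record (illustrative, not from the book): a backup policy
# whose integrity and origin we want to check before acting on it.
ORIGINAL_RECORD = b"backup_schedule=daily;retention_days=30;owner=ops"


def integrity_digest(data: bytes) -> str:
    """Integrity (table row 2): an unkeyed SHA-256 digest of the data."""
    return hashlib.sha256(data).hexdigest()


def integrity_ok(data: bytes, reference_digest: str) -> bool:
    """True when the data still matches a previously stored reference digest."""
    return hmac.compare_digest(integrity_digest(data), reference_digest)


def authenticity_tag(key: bytes, data: bytes) -> str:
    """Authenticity: HMAC-SHA256 ties the data to whoever holds the key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def authenticity_ok(key: bytes, data: bytes, tag: str) -> bool:
    """True when the tag was produced over exactly this data with this key."""
    return hmac.compare_digest(authenticity_tag(key, data), tag)


def tamper_scenario(key: bytes) -> dict:
    """Show how each mechanism reacts when the record is altered by someone who
    can rewrite the stored data (and a stored hash) but does not hold the key."""
    reference_digest = integrity_digest(ORIGINAL_RECORD)
    reference_tag = authenticity_tag(key, ORIGINAL_RECORD)

    # Hypothetical modification: retention silently shortened to one day.
    tampered = ORIGINAL_RECORD.replace(b"retention_days=30", b"retention_days=1")
    # A plain hash can be recomputed over the altered data by anyone ...
    replaced_digest = integrity_digest(tampered)
    # ... but without the key the old HMAC tag is all that can be presented.
    reused_tag = reference_tag

    return {
        "hash_detects_change_when_reference_is_protected": not integrity_ok(tampered, reference_digest),
        "hash_passes_when_stored_digest_was_also_replaced": integrity_ok(tampered, replaced_digest),
        "hmac_rejects_changed_record": not authenticity_ok(key, tampered, reused_tag),
        "hmac_accepts_original_record": authenticity_ok(key, ORIGINAL_RECORD, reference_tag),
    }


if __name__ == "__main__":
    demo_key = secrets.token_bytes(32)  # fresh random key for the demonstration
    for check, result in tamper_scenario(demo_key).items():
        print(f"{check}: {result}")
```

The second and third results are the point: a hash alone only delivers integrity if the reference digest is kept separately (for example in a read-only or signed manifest), while the HMAC check fails on the altered record regardless of where the tag is stored, because producing a fresh valid tag requires the key.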

6.5. Security management systems: norms and security policies

6.5.1. Norms

Security is multidisciplinary: it has ethical, legislative, technological, methodological and normative aspects.

Securing an information system is a relatively arduous task that requires an IT security management system to guide it.

A management system is defined by the ISO as “a system enabling the establishment of a policy and objectives and the attainment of these objectives”. It can be considered as a set of organizational measures and techniques targeting specific objectives. These systems are based on reference sources that formalize policies and procedures so that they can be subsequently audited.

The implementation of these information security management systems, or ISMS, requires material, human and financial resources, an investment that is justifiable insofar as these security management systems increase reliability. Moreover, the fact of being audited or even certified by a standardization organization increases trust and confidence in a business on the part of its partners.

The ISO 2700X family of norms sets the standards for information security management systems (ISMS). We refer more specifically here to ISO 27001, which sets the requirements for setting up an ISMS, and ISO 27002, which provides a catalogue of best practices for information security management.

ISO 27001 relies on a process-based approach, more precisely on the Deming wheel, or PDCA model (Plan, Do, Check, Act):

– the Plan phase consists of defining the perimeter to be secured, assessing the risks and selecting security measures;

– the Do phase consists of planning how risks will be treated, defining relevant indicators, training personnel and managing incidents;

– the Check phase uses controls, audits and reviews to regularly assess the current state of the information system's security;

– the Act phase involves implementing corrective, preventive and improvement actions whenever the predetermined objectives have not been met.


