Applying ISO 17799:2005 in information security management Online publication date: Fri, 25-May-2007
by Ming-Chang Lee, To Chang
International Journal of Services and Standards (IJSS), Vol. 3, No. 3, 2007
Abstract: In this paper, we discussed ISO 17799:2005 control, process, and security organisation structure. According to the results, the code of practice for information security management includes: capture the processes for implementing information security management in organisational Information Security Management System (ISMS), provide an organisational security structure to assess the extent information security management efforts, provide a comprehensive framework for ensuring the effectiveness of information security control over the information sources that support operations and assets. A case example (National Tax Administration Southern Taiwan Province) of an organisational security management, including organisational security structure, ISMS plan-do-check-act cycle, and information asset assessment management are discussed.
Existing subscribers:
Go to Inderscience Online Journals to access the Full Text of this article.
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Services and Standards (IJSS):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email subs@inderscience.com