Title: Applying ISO 17799:2005 in information security management

Authors: Ming-Chang Lee, To Chang

Addresses: Department of Information Management, Fooyin University, Ta-Liao Hsiang, Kaohsiung County 831, Taiwan, ROC; Department of Information Management, Shu-Te University, Yanchao Hsiang, Kaohsiung County 82445, Taiwan, ROC

Abstract: In this paper, we discuss the ISO 17799:2005 controls, processes, and security organisation structure. According to the results, the code of practice for information security management: captures the processes for implementing information security management in an organisational Information Security Management System (ISMS); provides an organisational security structure for assessing the extent of information security management efforts; and provides a comprehensive framework for ensuring the effectiveness of information security controls over the information resources that support operations and assets. A case example (National Tax Administration of Southern Taiwan Province) of organisational security management is discussed, covering the organisational security structure, the ISMS plan-do-check-act cycle, and information asset assessment management.

Keywords: information security management; information security management systems; ISO 17799:2005; risk management; security management; standards.

DOI: 10.1504/IJSS.2007.013754

International Journal of Services and Standards, 2007 Vol.3 No.3, pp.352 - 373

Published online: 25 May 2007
