A study on comparative analysis of the information security management systems

Abstract

Due to the advance of mobile network, E-commerce, Open Networks, and Internet Banking, Information Security Management System (ISMS) is used to manage information of their customer and themselves by a government or a business organization. The best known ISMSs are BS7799/ISO17799, Common Criteria, which are international standard. And some nations use their own ISMS, e.g., DITSCAP of USA, IT Baseline Protection Manual of Germany, ISMS of Japan. The paper explains the existed ISMSs and presents a comparative analysis on difference among ISMSs. The discussion deals with different aspects of types of the ISMSs: analysis on the present condition of the ISMSs, certification structure, and certification evaluation process. The study contribute so that a government or a business organization is able to refer to improve information security level of the organizations. The case study can also provide a business organization with an easy method for building ISMS. © 2010 Springer-Verlag Berlin Heidelberg.