Information Security Management consists of various facets, such as Information Security Policy, Risk Analysis, Risk Management, Contingency Planning and Disaster Recovery; these are all interrelated in some way, often causing uncertainty and confusion among top management. This paper proposes a model for Information Security Management, called an Information Security Management Model (ISM2), which puts all the various facets in context. The model consists of five different levels, defined on a security axis. ISM2introduces the idea of international security criteria or international security standards. The rationale behind these is to enable information security evaluation according to internationally accepted criteria. Due to the lack of internationally recognized and/or accepted information security standards and criteria, this model cannot be implemented in its totality at this time. A restricted form is implemented, forming an information security evaluation tool. This tool can be used for information security management with great success within an organization. © 1994.
Mendeley saves you time finding and organizing research
Choose a citation style from the tabs below