About the integration of information security and quality management


Information Security Management System Standards



Date: 09.07.2022
Related: Erkaboev, Jarqinboev

Information Security Management System Standards
ISO/IEC 2700x is a series of international information security (IS) standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The series contains best practices and recommendations in the field of information security for the creation, development and maintenance of an information security management system (ISMS). The ISO/IEC 2700x series forms a complete system of international regulatory documents that reflects the Western model of information security management and contains guidelines, rules, and security measures.
One of the best-known and most practical standards is ISO/IEC 27001:2005 "Information technology - Security techniques and tools - Information security management systems - Requirements".
The standard defines information security as: “maintaining the confidentiality, integrity and availability of information; in addition, other properties can be included, such as authenticity, non-repudiation, credibility.”
The standard provides guidance both for implementing an ISMS and for obtaining third-party certification that security controls exist and function in accordance with the requirements of this standard. The standard describes the ISMS as a comprehensive management system, based on business risk principles, for implementing, operating, monitoring and maintaining a security management system.
Similarities between ISO 9001 and ISO 27001
Both standards are built on the principle of a "process approach" to developing, implementing and improving the effectiveness of the management system. The "process approach" is understood as a system for identifying and managing the processes used by the organization and for ensuring their interaction. The main advantage of this approach is continuous management at the intersections of processes and across their various combinations and interactions. One of the methods for implementing the "process approach" to management is the classic closed management cycle Plan-Do-Check-Act, known as the "Deming cycle" or "Deming-Shewhart cycle", which also underlies the QMS process organization model of the ISO 9001 standard.
In addition to sharing the "process approach", the QMS and ISMS standards correspond to each other and have a similar structure in terms of requirements, which is reflected in the annex to the ISO 27001 standard. The ISO 27001 and ISO 9001 standards thus have a similar structure for regulating the quality system and the security of the information system. At the same time, it can be concluded that the ISO 27001 standard has a wider application.
