A methodology to implement an information security management system

Authors

  • Alaíde Barbosa Martins Cetrel S.A. - Empresa de Proteção Ambiental
  • Celso Alberto Saibel Santos Universidade Salvador

DOI:

https://doi.org/10.4301/S1807-17752005000200002

Keywords:

Information Security, Information Security Management System, ISMS, ISO/IEC 17799

Abstract

Information security has actually been a major challenge to most organizations. Indeed, information security is an ongoing risk management process that covers all of the information that needs to be protected. ISO 17799 offers what companies need in order to better manage information security. The best way to implement this standard is to ease the security management process using a methodology that will define will define guidelines, procedures and tools that will be needed along the way. Hence, this paper proposes a methodology to assist companies in assessing their compliance with BS 7799/ ISO 17799 as well as planning and implementing the actions necessary to become compliant or certified to the standard. The concepts and ideas presented here had been applied in a case study involving the Cetrel S/A - Company of Environmental Protection. For this company, responsible for treatment of industrial residues generated by the Camaçari Petrochemical Complex and adjacent areas, to assure confidentiality and integrity of customers' data is a basic requirement.

Downloads

Download data is not yet available.

Published

2005-01-01

Issue

Section

nd2141500078

How to Cite

A methodology to implement an information security management system . (2005). Journal of Information Systems and Technology Management, 2(2), 121-136. https://doi.org/10.4301/S1807-17752005000200002