Authors: Sh. Ladan, A. Yari, H. Khodabandeh

Abstract:

The need for Information Security in organizations, regardless of their type and size, is being addressed by emerging standards and recommended best practices. The various standards and practices which evolved in recent years and are still being developed and constantly revised, address the issue of Information Security from different angles. This paper attempts to provide an overview of Information Security Standards and Practices by briefly discussing some of the most popular ones. Through a comparative study of their similarities and differences, some insight can be obtained on how their combination may lead to an increased level of Information Security.

Keywords: Information security management, information security standard, BS7799, ISO 17799, COBIT.

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1084496

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1505

References:

[1] Executive Brief: Managing Security Risk-Value of a Security Program Approach February 2004.
[2] Evangeles D. Frangopoulos, Mariki M. Eloff, "A Comparative Study of Standards and Practices Related to Information Security Management" Cairo, Egypt, 2004.
[3] Tom Carlson, "Understanding ISO17799", Principal Consultant - Information Protection & Assurance HotSkills, Inc.
[4] Information Security Forum, "The Standard of Good Practice for Information Security," Version 4, March 2003..
[5] Information Systems Security Association (ISSA), "The Generally Accepted Information Security Principles (GAISP)", in preparation.
[6] Information Technology Governance Institute, "Information Security Governance: Guidance for Boards of Directors and Executive Management," 2001.
[7] WWW.bsi-global.com