Abstract
Information security management systems (ISMSs) are used to manage information about their customers and themselves by governments or business organizations following advances in e-commerce, open networks, mobile networks, and Internet banking. This paper explains the existing ISMSs and presents a comparative analysis. The discussion deals with different types of ISMSs. We addressed issues within the existing ISMSs via analysis. Based on these analyses, then we proposes the development of an information security management evaluation system (ISMES). The method can be applied by a self-evaluation of the organization and an evaluation of the organization by the evaluation committee. The contribution of this study enables an organization to refer to and improve its information security levels. The case study can also provide a business organization with an easy method to build ISMS and the reduce cost of information security evaluation.
| Original language | English |
|---|---|
| Pages (from-to) | 1192-1213 |
| Number of pages | 22 |
| Journal | KSII Transactions on Internet and Information Systems |
| Volume | 5 |
| Issue number | 6 |
| DOIs | |
| Publication status | Published - 2011 Jun |
Keywords
- Information security check
- Information security evaluation
- Information security evaluation process
- Information security management systems (ISMSs)
ASJC Scopus subject areas
- Information Systems
- Computer Networks and Communications