A Methodology to Implement an Information Security Management System

Authors

  • Alaíde Barbosa Martins
  • Celso Alberto Saibel Santos

DOI:

https://doi.org/10.4301/s1807-17752005000200002

Abstract

Information security has actually been a major challenge to most organizations. Indeed, information security is an ongoing risk management process that covers all of the information that needs to be protected. ISO 17799 offers what companies need in order to better manage information security. The best way to implement this standard is to ease the security management process using a methodology that will define will define guidelines, procedures and tools that will be needed along the way. Hence, this paper proposes a methodology to assist companies in assessing their compliance with BS 7799/ ISO 17799 as well as planning and implementing the actions necessary to become compliant or certified to the standard. The concepts and ideas presented here had been applied in a case study involving the Cetrel S/A - Company of Environmental Protection. For this company, responsible for treatment of industrial residues generated by the Camaçari Petrochemical Complex and adjacent areas, to assure confidentiality and integrity of customers' data is a basic requirement.

Author Biographies

Alaíde Barbosa Martins

Cetrel S.A. – Empresa de Proteção Ambiental, Brazil alaide@cetrel.com.br

Celso Alberto Saibel Santos

Professor Doutor da Universidade Salvador e pesquisador do Núcleo de Pesquisa em Redes de Computadores (NUPERC), Brazil - saibel@unifacs.br

Downloads

Published

2006-11-18

How to Cite

Barbosa Martins, A., & Saibel Santos, C. A. (2006). A Methodology to Implement an Information Security Management System. Journal of Information Systems and Technology Management, 2(2), p. 121–136. https://doi.org/10.4301/s1807-17752005000200002

Issue

Vol. 2 No. 2 (2005)

Section

Articles

License

Terms and Conditions The articles are author's responsibility. The publisher allows the author(s) to hold the copyright without restrictions and to retain publishing rights without restrictions. When submitting an article to JISTEM, authors are responsible for acknowledge and list any conflict of interest and financial support that may have influenced on the research results. Authors are required to sign an official copyright form. CC licensing You are free to: Share — copy and redistribute the material in any medium or format Adapt — remix, transform, and build upon the material for any purpose, even commercially. The licensor cannot revoke these freedoms as long as you follow the license terms. Under the following terms: Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use. No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the license permits. Notices: You do not have to comply with the license for elements of the material in the public domain or where your use is permitted by an applicable exception or limitation. No warranties are given. The license may not give you all of the permissions necessary for your intended use. For example, other rights such as publicity, privacy, or moral rights may limit how you use the material. The aim of the Directory of Open Access Journals is to increase the visibility and ease of use of open access scientific and scholarly journals thereby promoting their increased usage and impact. The articles have free availability on the public internet, permitting any users to read, download, copy, distribute, print, search, or link to the full texts of these articles Creative Commons License http://creativecommons.org/licenses/by/4.0/ Al papers are licensed under a Creative Commons Attribution 4.0 International License. Journal's policy of screening for plagiarism: Plagiarism is strictly forbidden, and by submitting the article for publication the authors agree that the publishers have the legal right to take appropriate action against the authors, if plagiarism or fabricated information is discovered.