This paper discusses how to create a successful implementation of an Information Security Management System (ISMS) within an organization.
Written in 2009; 4,687 words; 24 sources; APA; $120.95
Paper Summary:
This paper goes into great detail about how to successfully implement an Information Security Management System (ISMS) initiative in an organization, with the aim of increasing internal process performance, creating strong sustainability and significantly strengthening security. Specifically, the paper looks at a number of ISMS standards and the audit processes they require. It then explains the ISMS implementation cycle, which comprises seven steps: initiation of the project; definition of the ISMS, which encompasses defining the system architecture and system integration strategies; risk assessment; risk treatment; training and awareness; audit preparation; and audit. Because ISMS implementations bring long-term change to organizational culture, the paper also presents change management theories and recommends business process management (BPM) as the catalyst for change management. Throughout, the author provides a number of detailed graphs and figures to illustrate the paper's points. Finally, the paper concludes that, beyond compliance for auditability, ISMS implementations are becoming long-term competitive advantages in highly regulated, highly competitive industries.
Outline:
Introduction
Complying with ISMS Standards
The Catalyst of a Successful ISMS Implementation is Change Management
Using the DICE Model in ISMS Implementations
Using Lewin's Model in ISMS Implementations
Using the Speed of Change Model in ISMS Implementations
Using Theories E and O in ISMS Implementations
Using Business Process Re-engineering in ISMS Implementations
Defining an Information Security Management System (ISMS)
Revising and Augmenting an Information Systems Architecture
Audit Preparation and Auditing
Conclusion
From the Paper:
"Organizations implementing ISMS are relying on Service-Oriented Architectures (SOA) to integrate them into the accounting, customer, and financial systems throughout an organization. The defining of an information systems architecture that is capable of integrating with business processes from accounting, customer-based and financial data is critical if the most sensitive organization data is to be secured. To concentrate only on the most critical IT systems, whether that be only the Accounts Payable, MRP, or Accounts Receivable systems, and secure them is to be too myopic and lose the point of what an integrated ISMS implementation can deliver organization-wide. The point has been made that in the initial planning stages of an ISMS, the greater the number of system integration points in the system, the faster Return on Investment (ROI) is attained (Hong, Chi, Chao, Tang, 2003). This finding is further substantiated by the eleven separate domains that comprise the ISO/IEC 27001 standard. The previous approaches to create silo-like and highly controllable ISMS implementations, which are easily accomplished technologically (Doughty, 2003), are archaic and actually lack the necessary process integration points to make a strategic contribution to the organizations they are implemented in.
"Arguably, given how complex and interconnected processes are, made more complicated through sporadic systems integration practices, the original design objectives of an ISMS Implementation are often not achieved. When the phases of an ISMS Implementation methodology are taken into account, the role of an SOA becomes even more imperative as an enterprise information systems platform. The need for keeping the scope, boundaries and ISMS policies coordinated through enterprise content management (ECM) systems to ensure a high level of security and adaptability is accomplished in Phase 1 of an implementation. The second phase of an SOA development cycle aligns with the third and fourth phases of the ISMS Implementation methodology, focusing on risk assessment and risk treatment. Identifying risks, analyzing and evaluating risks, and selecting control objectives and controls are the essence of any successful ISMS implementation strategy. Risk assessments need to be designed to allow for ISO 17799 compliance. There is also the critical need of integrating risk assessment and treatment strategies across business processes that tie their results back to the ISMS policy and strategy on the one hand and the management authorization in the subsequent phases of the implementation roadmap."