SIG-ISM (Information Security Management) Working Group 2 is focusing on creating a guidance on setting up and running ISMS (information security management systems) for NRENs.
This working group was set up in 2016 and is currently let by Robert Tofte (CISO, NORDUnet).
The mailing list of this working group is <ism-wg2@lists.geant.org>
This is a closed confidential mailing list. If you would like to subscribe and join the working group, please contact Sigita Jurkynaite <sigita.jurkynaite@geant.org>
How to prepare the organisation for starting an implementation of ISMS.
This section will discuss what need to be in place before starting an implementation of a ISMS.
When looking at security management the ISO 27001 comes in view. This standard describes all the aspects of security management that need to be in place when an organization wants to be certified for information security management. Though this standard covers all aspects of security management and therefore provides a good guidance, it is not a comfortable standard for implementing quality management processes. You would prefer to integrate quality management closely into your working processen, both operational and managerial. The schematic below illustrates how this can be done in a way that is both complete in terms of the ISO standard and recognizable for day-to-day operations. The upper part of the schematic (blue blobs) specifies the company wide processes. in some organizations the responsibility for information security for products and services is distributed in the organization to products teams, departments or business line. That is illustrated in the lower part (light yellow blobs) of the schematic. If you use a centralised approach for information security you only have to look at the upper part of the schematic. Teh chapters of ISO27001 are mapped on this schematics with the dark yellow/orange blobs.
Meeting notes
The minutes of the SIG-ISM WG2 meetings are confidential - the viewing is restricted to the SIG-ISM mailing list members only.
SOA
SOA_Template_UNINETT_Engelsk.xlsx