

Wednesday, September 5, 2007

E-Governance Information Security Standard

Draft document, Version 01, 12 Oct 2006

0. Introduction

0.1 General
This Standard has been prepared to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). The adoption of an ISMS should be a strategic decision for an organization. The design and implementation of an organization’s ISMS is influenced by their needs and objectives, security requirements, the processes employed and the size and structure of the organization. These and their supporting systems are expected to change over time. It is expected that an ISMS implementation will be scaled in accordance with the needs of the organization, e.g. a simple situation requires a simple ISMS solution.
This Standard can be used in order to assess conformance by interested internal and external parties.

0.2 Process approach
This Standard promotes the adoption of a process approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization's ISMS.
An organization must identify and manage many activities in order to function effectively. Any activity using resources and managed in order to enable the transformation of inputs into outputs can be considered to be a process. Often the output from one process directly forms the input to the following process.
The application of a system of processes within an organization, together with the identification and interactions of these processes, and their management, can be referred to as a “process approach”.


Comparison of Controls ISO/IEC 27001:2005 to ISO/IEC 17799:2000

The new ISO 27001 standard (based on BS 7799-1 and ISO 17799:2000) was released in the fourth quarter of 2005. To assist in comparing the new version of the standard to the previous version, a list of the controls is presented in

HIPAA Security for Wireless Networks (Ebook)

By NetMotion Wireless for ITtoolbox Wireless

Securing data in a health care setting is a daunting task. Although most facilities contain up-to-date medical technology, many have antiquated communication networks lacking the security and encryption required to protect patient information. The physical structures of hospitals make it difficult or even impossible to add wiring for adequate networking, which is why many IT departments have opted for a wireless network. Implementing a wireless LAN can be both more cost-effective and less problematic than implementing a wireline network, but it is not without its challenges. Security risks exist and connectivity is a concern while roaming through buildings that contain elevators, radiology room shielding, or other physical structures that “break” wireless network sessions.
Under the mandated provisions of the Health Insurance Portability & Accountability Act (HIPAA), IT managers now have a timeline for implementing government-legislated security and privacy measures to protect patient data. Although HIPAA may seem burdensome, it benefits caregiver organizations by creating a proactive measure for managing and maintaining reasonable security safeguards and protecting patient data from unauthorized users.
