Implementation of Information Security Management System (ISMS)

Carrison K.S. Tong, Eric T.T. Wong
ISBN13: 9781599046723|ISBN10: 1599046725|ISBN13 Softcover: 9781616925383|EISBN13: 9781599046747
DOI: 10.4018/978-1-59904-672-3.ch004

MLA

Carrison K.S. Tong and Eric T.T. Wong. "Implementation of Information Security Management System (ISMS)." Governance of Picture Archiving and Communications Systems: Data Security and Quality Management of Filmless Radiology, IGI Global, 2009, pp.53-70. https://doi.org/10.4018/978-1-59904-672-3.ch004

APA

C. Tong & E. Wong (2009). Implementation of Information Security Management System (ISMS). IGI Global. https://doi.org/10.4018/978-1-59904-672-3.ch004

Chicago

Carrison K.S. Tong and Eric T.T. Wong. "Implementation of Information Security Management System (ISMS)." In Governance of Picture Archiving and Communications Systems: Data Security and Quality Management of Filmless Radiology. Hershey, PA: IGI Global, 2009. https://doi.org/10.4018/978-1-59904-672-3.ch004

Abstract

Fundamental to ISO 27000 (ISO/IEC 27001:2005, 2005) is the concept of an information security management system (ISMS). The ISMS is the part of the overall management system, based on a business risk approach, that serves to establish, implement, operate, monitor, maintain, and improve information security. The management system includes organization, structure and policies, planning activities, responsibilities, practices, procedures, processes, and resources. For the management of information security, its scope, administration and resources will depend on the size of the healthcare organization and the information resources in question. The ISMS should be effective if it is to be useful to the organization. Information security should be an integral part of the healthcare organization’s operating and business culture. Information security is primarily a management issue rather than a technical issue, although one should not ignore the technical problems, especially given the widespread dependence on the use of IT. Information security management is not a one-off exercise, but should be seen as an ongoing activity of continual improvement. Well-managed information security is a business enabler. No organization can operate successfully in today’s world without information security. A well-chosen management system of controls for information security, properly implemented and used, will make a positive contribution to the success of the healthcare organization, not just a cost against the bottom line.
