Help Define Best Practices for Information Security
Several U.S. information security firms have joined to help form the U.S. chapter of the Information Security Management Systems International User Group (ISMS IUG). This new chapter will support users of information security management systems (ISMS) in various industries around the country.
Most people consider information security practices to include firewalls, security patches and anti-virus software, but a complete ISMS is far more complex. An ISMS is a systematic approach to guarantee the security of sensitive information, covering all aspects that come together to enforce an organization’s security policies—people, processes and technology.
As with any emerging technological field, the best practices are still being established in the information security sector. Organizations are required to secure sensitive information by legislation, such as the Health Insurance Portability and Accountability Act (HIPAA), directed at health care organizations, and the Gramm-Leach-Bliley Act (GLBA), targeted toward financial institutions, and Sarbanes-Oxley legislation, designed to protect shareholders from corporate fraud and accounting errors. While these laws require compliance and include high-level standards, it is difficult for information security officers to determine the best practices and how to apply them.
According to Doug Landoll, president of Veridyn Inc. and vice-chair of the new U.S. chapter of the ISMS IUG, the user group will offer a forum for information security leaders to talk about these issues, determine industry-recognized standards and uncover the best practices for implementing those standards.
The formation of the U.S. chapter of the ISMS IUG is being spearheaded by Symantec, phi solutions, Veridyn and Majec Systems Inc. It will promote and support use of ISMS standards, including existing standards like ISO/IEC 17799, as well as considering other standards like COBIT and the forthcoming GAISP standard. Use of ISMS standards will be supported and promoted through activities such as development and usage workshops and conferences, as well as a user group Web site and publications.
For more information on the new user group, see http://www.us-isms.org.