원문정보
초록
영어
In recent times, and in order to maintain an integrated, efficient and homogeneous policy, Integrated Management Systems (IMS) have emerged as an opportunity to improve processes related to Information Technology (IT) in organizations in a way that is modular, consistent and orderly. The ISO 27001 and ISO 20000 standards provide good practices for creating and/or strengthening management infrastructure whose purpose is information security and IT services. In an attempt to provide information on how these standards are related, as well as to facilitate their integration under a single IMS, this article presents the harmonization strategy and results of the harmonization of standards ISO 27001 and ISO 20000 in an organization. The work thereby supports organizations which are interested in knowing how to carry out the harmonization of these models. It also provides a detailed analysis of their similarities and differences, showing an example of how to carry out the integration of related practices between ISO 27001 and ISO 20000-2. In addition, some benefits achieved by the organization are presented.
목차
1. Introduction
2. Related Work
3. Configuring a Harmonization Strategy
3.1. Organization’s Needs
3.2. Harmonization Strategy Configured
4. Harmonizing ISO 27001 and ISO 20000-2
4.1. Carrying out the Homogenization
4.2. Designing the Comparison
4.3. Carrying out the Mapping
4.4. Analyzing the Results of the Mapping
5. Integrating ISO 27001 and ISO 20000-2
6. Some Benefits Reported by Audisec
7. Conclusions
Acknowledgments
References