This paper focuses on the comprehensive evaluation and measurement of an ISM (Information Security Management) system based on ISO/IEC 27000, and analyzes in depth the establishment of the indicator system and the selection of the evaluation method. The relationship and distinctions between evaluation and measurement of ISM are discussed, and the shortcomings resulting from the separation of ISM measurement from evaluation are also analyzed. The integration of infosec measurement and infosec management evaluation is suggested. Experiment indicates that the infosec management and evaluation mechanism could benefit the theoretical system and guide the application implementation of infosec management.