Jump to content

IASME

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Fitindia (talk | contribs) at 19:07, 8 August 2016 (top: clean up, typo(s) fixed: medium sized → medium-sized using AWB). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

IASME (pronounced I-ASME) is an information assurance standard that is particularly suitable for Small and medium-sized enterprises (SMEs). It was originally developed as an academic-SME partnership and has attracting interest among decision-makers within the UK small business community.[1] IASME controls are aligned with the Cyber Essentials scheme.

Research towards the IASME model was undertaken in the UK during 2009-10,[2] after an acknowledgement that the current international information assurance standard (ISO/IEC 27001:2013) was complex for resource-strapped SMEs, providing a weakness in the supply chain. IASME was developed during 2010-11. It was launched later that year,[3] and has been regularly revised to keep pace with changes in the information risk ecosystem. The development process with SMEs was explained in a published International SME conference paper.[4]

The IASME standard follows the same implementation pattern used by the international standards community including PDCA (Plan-Do-Check-Act) principles [5] and the Information Security Management System (ISMS) which provides a management framework. Both are refined and expressed in business terms recognizable by most organisations.

The IASME standard was developed and piloted with the help of small businesses mostly in the West Midlands of the UK with encouraging results,.[6][7] However, IASME is applicable and useful to any small or medium-sized business, whether in the UK, or beyond.[8] It was designed for and is particularly useful for SMEs that make up part of a supply chain. An article explaining the supply chain benefits has been written by its developer, David Booth.[9] Larger businesses could also use the IASME certification as an alternative to the ISO/IEC BS27001 standard. Future development of the standard for particular business sectors such as insurance and law is possible.

The IASME standard has become a focus of attention, as the information security threat to UK businesses continues to increase, and vulnerabilities in their systems continue to cause expensive data breaches and system failures. The increasing number of newspaper and journal articles on this subject reflect an increased security awareness, and several are included here.[10][11] Moreover, IASME was specifically mentioned in a keynote speech at the Infosec Europe 2013 event held in London on 23–25 April.[12] and received an innovation award from Computer Weekly Europe shortly afterwards.[13]

The IASME standard and implementation process are managed by The IASME Consortium Ltd.

See also

References

  1. ^ BIS call for interest: IASME, 11 March 2013 by Consultancy Week Team. Retrieved on 19 April 2013
  2. ^ [1] "Information Assurance and SMEs: Research Findings to inform the development of the IASME model" Retrieved on 27 October 2012
  3. ^ BCS Security Blog, 15 April 2011, Retrieved on 14 September 2012
  4. ^ IASME: Information Security Management Evolution for SMEs Retrieved on 15 March 2013
  5. ^ [2] "Plan-Do-Check-Act Cycle — The PDCA cycle" Retrieved on 27 October 2012
  6. ^ News — Fraggleworks Retrieved 27 October 2012
  7. ^ [3] "Securing the Supply Chain", Retrieved 17 March 2013
  8. ^ [4] "Reputation Assured with IASME" Retrieved 27 October 2012
  9. ^ [5] "Protecting Information — Your Most Important asset" Retrieved on 27 October 2012
  10. ^ [6] Vigilance Security Magazine, 14 February 2013
  11. ^ Financial Times, 25 February 2013
  12. ^ Cabinet Office, 23 April 2013
  13. ^ [7]