INFORMATION SECURITY MANAGEMENT SYSTEM

摘要

An information security management system and tool for developing standards and procedures related to those standards across an organization. The system of the invention takes proposed information technology (IT) requirements for an organization and rationalizes these requirements as standards or procedures or rejects the requirements as neither a standard nor a procedure. Each proposed standard is scored for its relationship to a rule, the risk to the organization from failing to comply with the requirement and the operational impact on the organization. Proposed procedures are also scored for organizational impact. The rationalization score and risk score for the standard to which the procedure relates are also used to score the procedures. Each standard is linked to the rule on which it is based and each procedure is linked to the standard it supports.