Within the SecSIG is a group named the SecSIG Information Security Management Subcommittee. This group focuses in particular on the ISO/IEC 27000 family of information security standards and on related information security management topics.
More and more, ISO/IEC 27002 is being accepted as a de facto standard in information security. As this happens and as the ISO 27000 family of standards comes to life, there is a need in British Columbia for information about the standard and its application. As well, there is an increasing requirement to implement security programs aligned to ISO/IEC 27002 and to enhance an organization’s risk management and security management activities. This applies to private and public organizations of all sizes.
Interest in these elements led, in part, to the creation of the BC ISMS User Group in May 2006. The group first met in May 2006 and, due to the high level of interest, was then formalized as the BC ISMS User Group.
In September 2012, the BC ISMS User Group and the Vancouver Security Special Interest Group (SecSIG) were merged. The BC ISMS User Group became a subcommittee of the SecSIG, now named the SecSIG Information Security Management Subcommittee.
The SecSIG Information Security Management Subcommittee helps to organize an annual event on ISO/IEC Security Management Standards for the local community. For the past few years, this event has been held in January.
The aims of the Information Security Management Subcommittee are:
To promote and disseminate the application of best practices and know-how of good information security management based on the use of ISO/IEC Security Management Standards (ISO/IEC 27000 series).
To promote awareness and understanding of ISMS standards, certification and developments for the benefit of businesses in British Columbia.
To provide a platform through which the members of the Information Security Management Subcommittee can provide their views and exchange working experiences regarding the process of establishing, implementing and maintaining an information security management system (ISMS) and its certification based on the use of ISO/IEC 27001, and to learn from those who have already gone through the process.
To collect views and ideas, to research building ISMS solutions, and to develop briefing papers on related ISMS topics.