Information Security Management System, ISMS
Information security is the protection of information to ensure:
Information Security Management System (ISMS) is way to protect and manage information based on a systematicbusiness risk approach, to establish, implement, operate, monitor, review, maintain, and improveinformation security. It is an organizational approach to information security.
The sections that follow describe the steps involved in establishing an ISMS.
- Determine the scope of the ISMS :
When management has made the appropriate commitments, you can begin to establish your ISMS. In this step, you should determine the extent to which you want the ISMS to apply to your organization.
- Risk assessment and management:
Risk assessment is the process of identifying risks by analyzing threats to, impacts on, and vulnerabilities of information and information systems and processing facilities, and the likelihood of their occurrence.
- Set up policy and procedures:
The documentation of the policy and procedures is a requirement of ISO/IEC 27001. For each control that you define, you must have corresponding statements of policy or in some cases a detailed procedure.
- The implementation of the ISMS:
Adequate resources (people, time, money) should be allocated to the operation of the ISMS and all security controls.