An Information Security Management System (ISMS) is a systematic and structured approach to managing information so that it remains secure. ISMS implementation includes policies, processes, procedures, organizational structures, and software and hardware functions.
The ISMS implementation should be directly influenced by the organization’s objectives, security requirements, processes employed, size and structure.
Organizations and their information systems and networks are exposed to security THREATS such as fraud, espionage, fire, flood and sabotage from a wide range of sources. The increasing number of security breaches has led to increasing information security concerns among organizations worldwide.
ACHIEVING INFORMATION SECURITY is a huge challenge for organizations, as it CANNOT BE ACHIEVED THROUGH TECHNOLOGICAL MEANS ALONE and should never be implemented in a way that is out of line with the organization’s approach to risk or that undermines or creates difficulties for its business operations.
Thus there is a need to look at information security from a HOLISTIC PERSPECTIVE, and to have an information security management methodology to protect information systematically. This is where the need for ISMS comes in.
Information Security Management (ISM) ensures confidentiality, authenticity, non-repudiation, integrity, and availability of organization data and IT services. It also ensures reasonable use of the organization’s information resources and appropriate management of information security risks.
Security Policy:
Organizing Information Security
Asset Management
Human Resources Security
Physical and Environmental Security
Communications and Operations Management
Access Control
Information Systems Acquisition, Development and Maintenance
Information Security Incident Management
Business Continuity Management
Compliance
Security Policy:
Identify risk events or factors
Quantify potential impact of each event
Establish a baseline for project non-controllable elements (i.e., what will you do if it happens?)
Exercise influence over project controllable elements (i.e., what can you do to reduce the likelihood? The impact?)