Isms info
( Information Security Management System )

Jan 25, 2017

Abhisek Gupta
Page 1: Isms info

( Information Security Management System )

Page 2: Isms info

An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems.

Page 3: Isms info

ISO stands for International Organization for Standardization

ISO/IEC 27001:2013 is the latest International Standard an organization must be measured against to implement a successful ISMS.

It helps identify, manage and minimize the range of threats to which information is regularly subjected.

Page 4: Isms info

Demonstrates the company’s commitment to protecting information

Improved customer, employee and partner confidence

Improved information security throughout the organization

Improved security planning

Security management effectiveness

Ongoing protection of information

Reduced risk to information

Page 5: Isms info

The objective of having an organizational information security framework is to help achieve an effective and efficient way of managing Information security within the organization. A management framework shall be established to manage and control activities related to information security within the organization.

A Security Management Forum consisting of the leadership team shall be established to approve the information security policy, assign security roles and co-ordinate the implementation of security across the organization.

Page 6: Isms info

An information security advisory forum shall be established and made available within the organization. Contacts with external security specialists shall be developed to keep up with industry trends, monitor standards and assessment methods. This would help to apply the latest countermeasures while dealing with security incidents.

A multi-disciplinary approach to information security should be encouraged, e.g. involving the co-operation and collaboration of managers, users, administrators, application designers, auditors and security staff, and specialist skills in areas such as Legal, Business Continuity Planning, insurance and risk management.

There is a need to define the roles and responsibilities of the individual functions so as to cover the entire spectrum of information security. This would help establish accountability and streamline operations.

Page 7: Isms info
Page 8: Isms info

TABLE OF CONTENTS

DOCUMENT HISTORY AND RETENTION

DOCUMENTATION APPROVAL

DISTRIBUTION LIST

TABLE OF CONTENTS

1. INTRODUCTION

2. LINE OF BUSINESS

Page 9: Isms info

3. ORGANIZATION STRUCTURE

3.1 DEVELOPMENT

3.2 INTEGRATION

3.3 PROJECT MANAGEMENT

3.4 PRODUCT MANAGEMENT

3.5 RELEASE & CONFIGURATION MANAGEMENT

3.6 CUSTOMER HELP DESK AND TECHNICAL SUPPORT

3.7 SETUP & IMPLEMENTATION

3.8 SALES AND ACCOUNT MANAGEMENT

3.9 PR & MARKETING

3.10 INFORMATION TECHNOLOGY

3.11 HUMAN RESOURCE

3.12 ADMIN

3.13 FINANCE

Page 10: Isms info

4.1 UNDERSTANDING THE ORGANISATION AND ITS CONTEXT – CLAUSE 4

4.2 UNDERSTANDING THE NEEDS AND EXPECTATIONS OF INTERESTED PARTIES – CLAUSE

4.3 DETERMINING THE SCOPE OF THE ORGANISATION SECURITY MANAGEMENT SYSTEM – CLAUSE

4.4 INFORMATION SECURITY MANAGEMENT SYSTEM – CLAUSE

5. LEADERSHIP – CLAUSE

5.1 LEADERSHIP AND COMMITMENT – CLAUSE

5.2 POLICY – CLAUSE

5.3 ORGANISATIONAL ROLES, RESPONSIBILITY AND AUTHORITIES – CLAUSE

6. PLANNING – CLAUSE

6.1 ACTIONS TO ADDRESS RISKS AND OPPORTUNITIES – CLAUSE

6.1.1 General – Clause

6.1.2 Information security risk assessment – Clause

6.1.3 Information security risk treatment – Clause

6.2 INFORMATION SECURITY OBJECTIVES AND PLANNING TO ACHIEVE THEM – CLAUSE

Page 11: Isms info

7 SUPPORT – CLAUSE

7.1 RESOURCES – CLAUSE

7.2 COMPETENCE – CLAUSE

7.3 AWARENESS – CLAUSE

7.4 COMMUNICATION – CLAUSE

7.5 DOCUMENTED INFORMATION – CLAUSE

7.5.1 General – Clause

7.5.2 Creating and updating – Clause

7.5.3 Control of documented information – Clause

Page 12: Isms info

8 OPERATION – CLAUSE

8.1 OPERATIONAL PLANNING AND CONTROL – CLAUSE

8.2 INFORMATION SECURITY RISK ASSESSMENT – CLAUSE

8.3 INFORMATION SECURITY RISK TREATMENT – CLAUSE

9 PERFORMANCE EVALUATION – CLAUSE

9.1 MONITORING, MEASUREMENT, ANALYSIS AND EVALUATION – CLAUSE

9.2 INTERNAL AUDIT – CLAUSE

9.3 MANAGEMENT REVIEW – CLAUSE

10 IMPROVEMENT – CLAUSE

10.1 NONCONFORMITY AND CORRECTIVE ACTION – CLAUSE

10.2 CONTINUAL IMPROVEMENT – CLAUSE

Page 13: Isms info

The End