Information Security Management System
An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems.
ISO stands for International Organization for Standardization
ISO/IEC 27001:2013 is the international standard that specifies the requirements for establishing, implementing, maintaining and continually improving an ISMS; an organization seeking certification is audited against it. (The standard has since been revised as ISO/IEC 27001:2022.)
A certified ISMS helps the organization identify, manage and reduce the range of threats to which its information is regularly exposed.
Demonstrates the company's commitment to protecting information
Improved customer, employee and partner confidence
Improved information security throughout the organization
Improved security planning
Improved security management effectiveness
Ongoing protection of information
Reduced risk to information
The objective of an organizational information security framework is to manage information security within the organization effectively and efficiently. A management framework shall be established to direct and control information security activities within the organization.
A Security Management Forum consisting of the leadership team shall be established to approve the information security policy, assign security roles and coordinate the implementation of security across the organization.
An information security advisory forum shall be established and made available within the organization. Contacts with external security specialists shall be developed to keep up with industry trends and to monitor standards and assessment methods, so that current countermeasures can be applied when dealing with security incidents.
A multi-disciplinary approach to information security should be encouraged, e.g. involving the co-operation and collaboration of managers, users, administrators, application designers, auditors and security staff, and specialist skills in areas such as Legal, Business Continuity Planning, insurance and risk management.
The roles and responsibilities of the individual functions need to be defined so as to cover the entire spectrum of information security. This establishes accountability and streamlines operations.
TABLE OF CONTENTS
DOCUMENT HISTORY AND RETENTION
DOCUMENTATION APPROVAL
DISTRIBUTION LIST
1. INTRODUCTION
2. LINE OF BUSINESS
3. ORGANIZATION STRUCTURE
3.1 DEVELOPMENT
3.2 INTEGRATION
3.3 PROJECT MANAGEMENT
3.4 PRODUCT MANAGEMENT
3.5 RELEASE & CONFIGURATION MANAGEMENT
3.6 CUSTOMER HELP DESK AND TECHNICAL SUPPORT
3.7 SETUP & IMPLEMENTATION
3.8 SALES AND ACCOUNT MANAGEMENT
3.9 PR & MARKETING
3.10 INFORMATION TECHNOLOGY
3.11 HUMAN RESOURCE
3.12 ADMIN
3.13 FINANCE
4.1 UNDERSTANDING THE ORGANISATION AND ITS CONTEXT – CLAUSE 4.1
4.2 UNDERSTANDING THE NEEDS AND EXPECTATIONS OF INTERESTED PARTIES – CLAUSE 4.2
4.3 DETERMINING THE SCOPE OF THE INFORMATION SECURITY MANAGEMENT SYSTEM – CLAUSE 4.3
4.4 INFORMATION SECURITY MANAGEMENT SYSTEM – CLAUSE 4.4
5. LEADERSHIP – CLAUSE 5
5.1 LEADERSHIP AND COMMITMENT – CLAUSE 5.1
5.2 POLICY – CLAUSE 5.2
5.3 ORGANISATIONAL ROLES, RESPONSIBILITIES AND AUTHORITIES – CLAUSE 5.3
6. PLANNING – CLAUSE 6
6.1 ACTIONS TO ADDRESS RISKS AND OPPORTUNITIES – CLAUSE 6.1
6.1.1 General – Clause 6.1.1
6.1.2 Information security risk assessment – Clause 6.1.2
6.1.3 Information security risk treatment – Clause 6.1.3
6.2 INFORMATION SECURITY OBJECTIVES AND PLANNING TO ACHIEVE THEM – CLAUSE 6.2
7. SUPPORT – CLAUSE 7
7.1 RESOURCES – CLAUSE 7.1
7.2 COMPETENCE – CLAUSE 7.2
7.3 AWARENESS – CLAUSE 7.3
7.4 COMMUNICATION – CLAUSE 7.4
7.5 DOCUMENTED INFORMATION – CLAUSE 7.5
7.5.1 General – Clause 7.5.1
7.5.2 Creating and updating – Clause 7.5.2
7.5.3 Control of documented information – Clause 7.5.3
8. OPERATION – CLAUSE 8
8.1 OPERATIONAL PLANNING AND CONTROL – CLAUSE 8.1
8.2 INFORMATION SECURITY RISK ASSESSMENT – CLAUSE 8.2
8.3 INFORMATION SECURITY RISK TREATMENT – CLAUSE 8.3
9. PERFORMANCE EVALUATION – CLAUSE 9
9.1 MONITORING, MEASUREMENT, ANALYSIS AND EVALUATION – CLAUSE 9.1
9.2 INTERNAL AUDIT – CLAUSE 9.2
9.3 MANAGEMENT REVIEW – CLAUSE 9.3
10. IMPROVEMENT – CLAUSE 10
10.1 NONCONFORMITY AND CORRECTIVE ACTION – CLAUSE 10.1
10.2 CONTINUAL IMPROVEMENT – CLAUSE 10.2