The ISMS contains the standards, management procedures and guidelines that support the Information Security Management policies. Using this in conjunction to an overall framework for managing security will help to ensure that the Four Ps of People, Process, Products, and Partners are considered as to the requirements for security and control.

As a guide, standards such as ISO 27001 provide a formal standard by which to compare or certify their own ISMS, covering the five main elements of:

1. Plan

Planning is used to identify and recommend the appropriate security measures that will support the requirements and objectives of the organization. SLAs and OLAs, business and organizational plans and strategies, regulation and compliance requirements (such as Privacy Acts) as well as the legal, moral and ethical responsibilities for information security will be considered in the development of these measures.

2. Implement

The objective of this element is to ensure that the appropriate measures, procedures, tools and controls are in place to support the Information Security Policy.
3. Control

The objectives of the control element of the ISMS are to:
* Ensure the framework is developed to support Information Security Management
* Develop an organizational structure appropriate to support the Information Security Policy
* Allocate responsibilities
* Establish and control documentation.

4. Evaluate

The evaluate element of the ISMS is focused on ensuring
* Regular audits and reviews are performed
* Policy and process compliance is evaluated
* Information and audit reports are provided to management and external regulators if required.

5. Maintain

As part of Continual Service Improvement, the maintain element seeks to:
* Improve security agreements as documented in SLAs and OLAs
* Improve the implementation and use of security measures and controls.

Related Posts

News

ITIL PREDICTIVE ANALYTICS REPORT

  This ITIL report evaluates technologies and applications in terms of their business impact, adoption rate and maturity level to help users decide where and when to invest. The Predictive Analytics Scores below – ordered Read more…

News

Cybersecurity PREDICTIVE ANALYTICS REPORT

Read online and subscribe to Predictive Analytics Email Updates HERE You can have a say in which analytics you need in which timeframe: simply add your (anonymous) need to the list at https://theartofservice.com/predictive-analytics-topics-reports-urgency and we Read more…

News

Storage Technologies PREDICTIVE ANALYTICS REPORT

  This Storage Technologies report evaluates technologies and applications in terms of their business impact, adoption rate and maturity level to help users decide where and when to invest. This predictive analytics evaluates 36 storage-related Read more…