Analyze business and organizational needs for the ISMS project in your organization Task
Name
Institution Affiliation
Munawer is a leading company based in Abu Dhabi in the Internet security
market. The company was created in 2009 with the purpose of creating and implementing the
first e-learning system in the UAE. The company was established by the Munawer Group, with
the support of the Ministry of Education, in an effort to develop the local skills of the population
and to offer high-quality e-learning services. To do this, the company is creating customized
e-learning courses through the ISMS system. ISMS stands for Intelligent Soft-Ware Management
System.
current business needs is required. The team needs to analyze the customers’ business processes
and the way these are currently being handled by the company. They need to assess the
customers’ current business needs and develop a project plan to meet these needs. The project
correctly. While initiating the team, it is important to focus on the following vital areas of selection,
from the initiation stage to submitting the project after completion, as shown in the figure below:
members of the project team must have appropriate technical experience of Information Security
Management System (ISMS) (Tajammul & Parveen, 2017). This will help the project team
accomplish the objectives of the project. Therefore, the project team included the Information
Systems Management (ISM) department head and the IT department head. Other than the IT
department head, the team members were not from the IT department. The ISM department head
had a great deal of experience in information security and had worked as an information security
manager for large companies. The IT department head was the IT team lead for the ISM
department head and had worked for the company longer than the ISM department head, but had
As a team leader, it is always important to have a clear understanding of the project at
hand for better results. In this case, the project involves implementing ISMS for Munawer
Company. Therefore, the goal for the organization is to increase customer satisfaction through an
innovation project designed to assist the organization in meeting the needs of the market and the
consumer (Bogers et al., 2017). The company is a startup with two years of experience
in the market; hence, the main focus is on innovation, and the main goal for the organization
is to provide customers with the most innovative product that meets their needs. The company
sells products that will help customers increase productivity at their workplace. The goal for the
company is to sell the products to as many customers as possible so as to increase their level of
satisfaction and profit, while at the same time, increasing the number of customers and the
There has to be an effective contribution from both parties: the ISMS project team and the
Munawer stakeholders who are in charge of the implementation. In this case, the company has
already purchased the required software and has a software expert on the team to help them with
the issues that occur. The company's website is an example of what they have in place, and in the
future they want to implement an ISMS system (Arena, Cross, Sims & Uhl-Bien, 2017). They
have the following goals: to provide support for customers, employees, management, investors,
and suppliers. The team is looking to improve all areas of the company and the ISMS project is one
However, it is also important to understand that this process involves many important
activities, such as risk assessments, management assessments, stakeholder and customer
assessments, and IT assessments (Brunner et al., 2020). The ISMS Project team consists of IT
experts, risk assessors, stakeholders, and customers. This team is going to work on a variety of
This project is a high-impact project, which implies that it is likely to have a
significant effect on the organization. Also, this project aims to add value to an organization
because it will provide them with a new way of working, which will result in more customers
and more profits. This project will have a large impact on the organization because it will have a
great effect on the work they do and the procedures they use. It makes sense that this project will
Highlight the roles and responsibilities of each team member on the project
To implement the ISMS, a team of 3 people, Faris, Abdulsalam, and Zayed, was formed,
and we have divided the responsibilities of members within the team. The following is the list of
responsibilities that each member had on this project. Each team member was assigned an
important role that is specific to the tasks they are responsible for.
In order to implement ISMS system for Munawer Company, the ISMS project team should
Faris
The ISMS user guide writer who writes the user guide and makes sure that the user guide
Abdulsalam
The ISMS documentation writer who writes the documentation that shows the features of
the ISMS
Zayed
The ISMS support team, who provides technical support to the ISMS users
The ISMS roles and responsibilities in this list are evenly divided among the 3 group
leaders, Faris, Abdulsalam, and Zayed, who distribute and share them among the group members.
Each leader's group includes the team members who have the corresponding responsibilities. Each
group should have its own responsibilities, and the ISMS team leader should communicate with
each group to coordinate the development process and to manage the tasks of the team.
Develop the ISMS for the organization by utilizing all the steps from the ISO Standard
27001.
ISO 27001 is the standard for information security management, based on risk
management functions. It includes a list of security principles and practices, security objectives,
procedures, and tools for security management. The goal of
ISO 27001 is to assure that a particular information system and related processes, practices,
and personnel are able to protect the organization's information assets and other assets from
identified and potential risks (Brunner et al., 2020). ISO 27001 also identifies the
responsibilities of the information owner, the information owner's organization, and the
For better results, the ISMS project implementation team will follow all the steps for
ISO 27001 (Fonseca-Herrera, Rojas & Florez, 2021). The following steps will be utilized in
accordance with the requirements of ISMS. The team members should be selected from the
organization in a way that the team can represent the organization and the stakeholder interests.
The members should be appointed with the goal of achieving the benefits identified in
ISO 27001. They should have full responsibility for the successful implementation, and an
Develop a detailed implementation plan that incorporates all project activities. Ensure
that the implementation plan is developed using a detailed schedule that is linked to the project
activities. This provides an overview of the project, including the expected timeframes for each
To initiate the ISMS, the project manager will work with the ISMS team by developing a
description of the organization and its environment. You will also make a plan to implement the
ISMS as outlined in the ISMS process. This will include your recommendations for the
implementation team.
In the step to define the ISMS scope, the ISMS will need to be applied to all the systems,
programs and activities of the organization. It must be applied to the core business as well as to
the non-value-adding activities that are performed in support of the core business. To be clear,
the ISMS must be applied to all the systems and activities performed by the organization,
whether they are the systems and activities that support. Based on this step, it is clear that the
scope of the ISMS must be well demonstrated for Munawer Company to better clarify the ISO
27001 requirements; the diagram below shows the desired scope of the ISMS.
Security baselines are a starting point and should be used as a basis for developing the ISMS.
They should be developed in conjunction with an
organization's overall ISMS. They represent an organization's security posture for a specific
period and should be updated on a regular basis. They are often based on the ITIL framework or
other frameworks designed to provide a common starting point. At this point the process of
identifying ISMS framework can be defined by the project manager to other team members as
This process requires the organization to identify and implement policies and procedures
to avoid risks and prevent losses, both financial and reputational. A risk management policy and
procedures must be developed, adhered to, and reviewed regularly. The policy should address all
risks in the organization and its various departments and divisions. The policy should
This step is a process to determine what can be done to minimize the potential impact of
an adverse event. There are three general types of risk treatment plan, which can be applied to all
types of risks: prevent, contain, and recover. A risk treatment plan should be a management
system and should not replace other risk control practices, such as the management of risk, the
Once the ISMS audit has been completed, you will want to measure the benefits of your
ISMS. You can do this by having a third party audit the processes and systems, and by
measuring the benefits of the system. This could be done by asking people who use your ISMS
what the benefits are. It can be useful, in the case of a new internal process, for employees to
In this step the team will need to use the ISO 27001 checklist to ensure that the
organization has the appropriate ISMS in place and that it has been implemented effectively. At
the end of each year, review and validate the ISMS to ensure that it is appropriate for the
Certification for ISMS is a process that certifies that an ISMS is implemented and is
certification. Every certification process is unique and is determined by the organization and the
people involved in the certification. As part of the certification process, the organization must
demonstrate that its ISMS is in conformance with the requirements of the standard. The team
will need to certify the process to ensure the ISMS system is fit for Munawer Company.
References
Arena, M., Cross, R., Sims, J., & Uhl-Bien, M. (2017). How to catalyze innovation in your
Bogers, M., Zobel, A. K., Afuah, A., Almirall, E., Brunswicker, S., Dahlander, L., ... & Ter Wal,
Brunner, M., Sauerwein, C., Felderer, M., & Breu, R. (2020). Risk management practices in
information security: Exploring the status quo in the DACH region. Computers &
Security, 92, 101776.
Fonseca-Herrera, O. A., Rojas, A. E., & Florez, H. (2021). A model of an information security
Sci, 48(2), 213-222.
Tajammul, M., & Parveen, R. (2017). Comparative analysis of big ten ISMS standards and their