Analyze business and organizational needs for the ISMS project in your organization

Name

Institution Affiliation

Introducing the Organization

Munawer is a leading company based in Abu Dhabi in the Internet security market. The company was created in 2009 with the purpose of creating and implementing the first e-learning system in the UAE. It was established by the Munawer Group, with the support of the Ministry of Education, in an effort to develop the local skills of the population and to offer high-quality e-learning services. To support this, the company delivers customized e-learning courses and is putting an ISMS in place to protect the information behind them. ISMS stands for Information Security Management System, the management system defined by ISO 27001 and used throughout this report.

Demonstrate your project team

To implement an ISMS project in Munawer Company, an analysis of the customer's current business needs is required. The team needs to analyze the customers' business processes and the way these are currently handled by the company, assess the customers' current business needs, and develop a project plan to meet them. The project plan needs to be documented and communicated to all stakeholders in order to be executed correctly. When forming the team it is important to focus on the following vital areas of selection, from the initiation stage to handover of the completed project, as shown in the figure below:

As per the project management of an Information Security Management System (ISMS), all members of the project team must have appropriate technical experience of ISMS (Tajammul & Parveen, 2017). This will help the project team to accomplish the objectives of the project. Therefore the project team included the Information Systems Management (ISM) department head and the IT department head. Apart from the IT department head, the team members were not from the IT department. The ISM department head had a great deal of experience in information security and had worked as an information security manager for large companies. The IT department head was the IT team lead reporting to the ISM department head and had worked for the company longer than the ISM department head, but had less security experience.

As a team leader it is always important to have a clear understanding of the project at hand for better results. In this case, the project involves implementing an ISMS for Munawer Company. The goal for the organization is to increase customer satisfaction through an innovation project designed to help the organization meet the needs of the market and the consumer (Bogers et al., 2017). The company is a startup with two years of experience in the market; hence the main focus is on innovation, and the main goal for the organization is to provide customers with the most innovative product that meets their needs. The company sells products that help customers increase productivity at their workplace. The goal for the company is to sell these products to as many customers as possible so as to increase their level of satisfaction and its profit, while at the same time increasing the number of customers and the volume of products sold.

There has to be an effective contribution from both parties: the ISMS project team and the Munawer stakeholders who are in charge of the implementation. In this case, the company has already purchased the required software and has a software expert on the team to help with the issues that occur. The company's website is an example of what they have in place, and in the future they want to implement an ISMS (Arena, Cross, Sims & Uhl-Bien, 2017). They have the following goals: to provide support for customers, employees, management, investors and suppliers. The team is looking to improve all areas of the company, and the ISMS project is one of the areas the company is going to focus on.

However, it is also important to understand that this process involves many important activities such as risk assessments, management assessments, stakeholder and customer assessments, and IT assessments (Brunner et al., 2020). The ISMS project team consists of IT experts, risk assessors, stakeholders, and customers. This team is going to work on a variety of activities that will be performed to ensure that the organization complies

This is a high-impact project, which implies that it is likely to have a significant effect on the organization. It also aims to add value to the organization because it provides a new way of working, which is expected to result in more customers and more profit. The project will have a large impact on the organization because it changes the work they do and the procedures they use, and it is expected to have a positive effect.

Highlight the roles and responsibilities of each team member on the project

To implement the ISMS, a team of three people, Faris, Abdulsalam and Zayed, was formed, and the responsibilities were divided among the members of the team. The following is the list of responsibilities that each member had on this project. Each team member was assigned an important role specific to the tasks they are responsible for.

In order to implement the ISMS for Munawer Company, the ISMS project team should have the following roles, grouped under the three group leaders:

Faris
• The project leader, who coordinates the development project
• The ISMS technical lead, who develops the software
• The ISMS system administrator, who manages the ISMS server
• The ISMS user guide writer, who writes the user guide and makes sure that it is in the final version of the ISMS

Abdulsalam
• The ISMS documentation writer, who writes the documentation that shows the features of the ISMS
• The ISMS testing team, who test the application
• The ISMS training team, who train the users of the ISMS

Zayed
• The ISMS marketing team, who promote the ISMS product
• The ISMS support team, who support the ISMS product and provide technical support to its users

This list of ISMS roles and responsibilities is evenly divided among the three group leaders, Faris, Abdulsalam and Zayed, who distribute and share the work among their group members. Each group has its own responsibilities, and the ISMS team leader communicates with each group to coordinate the development process and to manage the tasks of the team.

Develop the ISMS for the organization by utilizing all the steps from the ISO 27001 Standard.

ISO 27001 is the standard for information security management, based on risk analysis of information systems, an organizational information security policy, and security management functions. It includes security principles and practices, security objectives, procedures, and tools for security management. The goal of ISO 27001 is to assure that a particular information system and its related processes, practices, and personnel are able to protect the organization's information assets and other assets from identified and potential risks (Brunner et al., 2020). ISO 27001 also identifies the responsibilities of the information owner, the information owner's organization, and the information owner's IT security organization for implementing security controls.

For better results, the ISMS project implementation team will follow all the steps of ISO 27001 (Fonseca-Herrera, Rojas & Florez, 2021). The following steps will be used to implement the ISMS for Munawer Company in line with the ISO 27001 standard.

Step 1: Assemble an implementation team.

The first step in the ISO 27001 implementation is to assemble an implementation team in accordance with the requirements of the ISMS. The team members should be selected from the organization in a way that the team represents the organization and the stakeholders' interests. The members should be appointed with the goal of achieving the benefits identified in ISO 27001. They should have full responsibility for the successful implementation, and an understanding of the organization's products, services, processes and information systems.

Step 2: Implementation Plan Development.


Develop a detailed implementation plan that incorporates all project activities. Ensure that the plan is built on a detailed schedule linked to the project activities. This provides an overview of the project, including the expected timeframes for each activity as well as the resources that are required.

Step 3: Initiate the ISMS.

To initiate the ISMS, the project manager will work with the ISMS team to develop a description of the organization and its environment (its internal and external context and its interested parties, in ISO 27001 terms). The team will also make a plan to implement the ISMS as outlined in the ISMS process, including recommendations for the implementation team.

Step 4: Define the ISMS scope.

The ISMS scope defines which systems, programs and activities of the organization the ISMS covers, together with their boundaries and their interfaces to anything left outside. For Munawer Company the team has decided to apply the ISMS to the core business as well as to the supporting, non-value-adding activities performed on its behalf; that is, to all the systems and activities the organization operates, whether they deliver the core business or support it. A well-defined scope is essential because every ISO 27001 requirement, and later the certification audit, is assessed against it; the diagram below shows the desired scope of the ISMS.

Step 5: Identify your security baseline.

Security baselines are a starting point and should be used as a basis for developing the ISMS. They should be developed in conjunction with the organization's overall ISMS. They represent the organization's security posture for a specific period and should be updated on a regular basis. They are often based on a control catalogue such as ISO/IEC 27002 (the Annex A controls of ISO 27001), on ITIL, or on other frameworks designed to provide a common starting point. At this point the ISMS framework can be defined by the project manager for the other team members, as demonstrated in the diagram below:



Step 6: Establish a risk management process.

This process requires the organization to identify and implement policies and procedures to avoid risks and prevent losses, both financial and reputational. A risk management policy and procedures must be developed, adhered to, and reviewed regularly. The policy should address all risks in the organization and its various departments and divisions, and should establish a clear process for identifying, measuring, and reporting risks. In ISO 27001 terms this means defining the risk acceptance criteria and the assessment method up front, so that repeated assessments give consistent and comparable results, and then identifying each risk and its owner, analysing its likelihood and consequences, and evaluating the resulting level against the acceptance criteria.

Step 7: Implement a risk treatment plan.

This step determines what can be done to reduce the potential impact of an adverse event. The treatment options recognised by the ISO 27001 family (spelled out in ISO/IEC 27005) can be applied to any risk: modify the risk by selecting controls, retain it where it already meets the acceptance criteria, avoid it by stopping the activity that causes it, or share it with another party such as an insurer or a supplier. Each selected control is recorded in the Statement of Applicability, the risk treatment plan is approved by the risk owners, who also accept the remaining residual risk, and the plan complements rather than replaces the other risk control practices: ongoing risk management, risk analysis, and the evaluation of control activities.
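To make Steps 6 and 7 concrete, the following is an added example (not code from the original report or from Munawer) of the minimum a risk register for this project has to record: a named owner, a likelihood and impact score, a treatment option from the ISO 27001/27005 set, the selected controls, and the residual risk after treatment. The 1 to 5 scales, the acceptance threshold, the asset names, scenarios and owners are all constructed assumptions; ISO 27001 leaves the scoring method and the acceptance criteria to the organization, and only requires that they are defined in advance and applied consistently.

```python
# Added example, not part of the original report: a minimal ISO 27001-style risk
# register for the Munawer ISMS. The assets, scenarios, 1..5 scales, acceptance
# threshold and owner names are constructed for illustration; ISO 27001 leaves the
# assessment method and the acceptance criteria to the organization (clause 6.1.2).
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Treatment options recognised by ISO/IEC 27001 / 27005 (not "prevent, contain, recover").
TREATMENT_OPTIONS = ("modify", "retain", "avoid", "share")

# Constructed risk acceptance criterion: likelihood x impact above this needs treatment.
ACCEPTANCE_THRESHOLD = 8


@dataclass
class Risk:
    risk_id: str
    asset: str
    scenario: str
    owner: str                       # every risk needs a named owner (6.1.2 c)
    likelihood: int                  # 1 (rare) .. 5 (almost certain)
    impact: int                      # 1 (negligible) .. 5 (severe)
    treatment: Optional[str] = None
    controls: List[str] = field(default_factory=list)
    residual_likelihood: Optional[int] = None
    residual_impact: Optional[int] = None
    accepted_by_owner: bool = False  # explicit residual-risk acceptance (6.1.3 f)

    def __post_init__(self):
        for name in ("likelihood", "impact"):
            if not 1 <= getattr(self, name) <= 5:
                raise ValueError(f"{name} must be on the 1..5 scale")
        if self.treatment is not None and self.treatment not in TREATMENT_OPTIONS:
            raise ValueError(f"unknown treatment option {self.treatment!r}")


def risk_level(likelihood: int, impact: int) -> int:
    """Constructed scoring rule: a simple likelihood x impact product."""
    return likelihood * impact


def inherent_level(risk: Risk) -> int:
    return risk_level(risk.likelihood, risk.impact)


def residual_level(risk: Risk) -> int:
    """Level after treatment; equals the inherent level until a re-assessment is recorded."""
    if risk.residual_likelihood is None or risk.residual_impact is None:
        return inherent_level(risk)
    return risk_level(risk.residual_likelihood, risk.residual_impact)


def needs_treatment(risk: Risk, threshold: int = ACCEPTANCE_THRESHOLD) -> bool:
    return inherent_level(risk) > threshold


def validate_register(register: List[Risk], threshold: int = ACCEPTANCE_THRESHOLD) -> List[str]:
    """Findings an internal auditor would raise against the risk treatment plan."""
    findings = []
    for r in register:
        if not needs_treatment(r, threshold):
            continue                 # within acceptance criteria: retaining is fine
        if r.treatment is None:
            findings.append(f"{r.risk_id}: above threshold but no treatment decided")
        elif r.treatment == "modify" and not r.controls:
            findings.append(f"{r.risk_id}: 'modify' chosen but no controls selected")
        elif r.treatment == "retain" and not r.accepted_by_owner:
            findings.append(f"{r.risk_id}: retained above threshold without owner acceptance")
        if (r.treatment in ("modify", "share") and residual_level(r) > threshold
                and not r.accepted_by_owner):
            findings.append(f"{r.risk_id}: residual level {residual_level(r)} still above {threshold}")
    return findings


def treatment_plan(register: List[Risk], threshold: int = ACCEPTANCE_THRESHOLD) -> List[Tuple]:
    """Risks that need treatment, highest inherent level first: (id, level, option, controls)."""
    rows = [(r.risk_id, inherent_level(r), r.treatment, tuple(r.controls))
            for r in register if needs_treatment(r, threshold)]
    return sorted(rows, key=lambda row: row[1], reverse=True)  # stable: ties keep register order


# Constructed sample register for the e-learning platform described in the report.
SAMPLE_REGISTER = [
    Risk("R1", "Learner database", "Web application flaw exposes learner records",
         "IT department head", 4, 5, treatment="modify",
         controls=["input validation and parameterised queries", "quarterly penetration test"],
         residual_likelihood=1, residual_impact=5),
    Risk("R2", "Course content server", "Ransomware on an unpatched server",
         "IT department head", 3, 4, treatment="modify",
         controls=["patch management", "offline backups"],
         residual_likelihood=1, residual_impact=3),
    Risk("R3", "Company website", "Defacement of public pages", "Zayed", 2, 2),
    Risk("R4", "Website hosting", "Prolonged outage at the hosting provider",
         "ISM department head", 2, 5, treatment="share",
         controls=["hosting contract with availability SLA and penalties"],
         residual_likelihood=1, residual_impact=2),
    Risk("R5", "Staff laptops", "Lost unencrypted laptop with course material",
         "ISM department head", 4, 3),  # above threshold, no decision recorded yet
]

if __name__ == "__main__":
    for row in treatment_plan(SAMPLE_REGISTER):
        print(row)
    print(validate_register(SAMPLE_REGISTER))  # -> ['R5: above threshold but no treatment decided']
```

The point of `validate_register` is that the plan is checked against the organization's own criteria: a risk above the threshold with no decision, a "modify" decision with no controls, or a residual risk still above the threshold without a recorded owner acceptance would each be a nonconformity an internal auditor (Step 8) or a certification auditor (Step 9) would raise. The scoring product and the threshold are the constructed part; swap in whatever scales and criteria Munawer defines, but define them before the first assessment so that later assessments remain comparable.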

Step 8: Measure, monitor and review.

Once the ISMS has been implemented and audited, the team will want to measure its benefits. This can be done by having a third party audit the processes and systems, and by measuring the results of the system, for example by asking the people who use the ISMS what the benefits are. For a new internal process, it is useful for employees to give their views on the benefits of the process.

In this step the team will use the ISO 27001 checklist to ensure that the organization has the appropriate ISMS in place and that it has been implemented effectively. ISO 27001 requires an internal audit programme and a management review at planned intervals; at the end of each year at the latest, the team should review and validate the ISMS to ensure that it remains appropriate for the organization and has been implemented effectively.

Step 9: Certify your ISMS.

Certification is the process by which an accredited, independent certification body confirms that the ISMS is implemented and conforms to the published requirements of ISO 27001. The organization cannot certify itself; the team's job is to prepare for the audit, which typically runs as a documentation review followed by an on-site audit of the implementation, with periodic surveillance audits afterwards. As part of the certification process, the organization must demonstrate that its ISMS conforms to the requirements of the standard, so the team must make sure the ISMS is fit for Munawer Company before the certification body is engaged.

References

Arena, M., Cross, R., Sims, J., & Uhl-Bien, M. (2017). How to catalyze innovation in your organization. MIT Sloan Management Review, 58(4), 38-48.

Bogers, M., Zobel, A. K., Afuah, A., Almirall, E., Brunswicker, S., Dahlander, L., ... & Ter Wal, A. L. (2017). The open innovation research landscape: Established perspectives and emerging themes across different levels of analysis. Industry and Innovation, 24(1), 8-40.

Brunner, M., Sauerwein, C., Felderer, M., & Breu, R. (2020). Risk management practices in information security: Exploring the status quo in the DACH region. Computers & Security, 92, 101776.

Fonseca-Herrera, O. A., Rojas, A. E., & Florez, H. (2021). A model of an information security management system based on NTC-ISO/IEC 27001 standard. IAENG International Journal of Computer Science, 48(2), 213-222.

Tajammul, M., & Parveen, R. (2017). Comparative analysis of big ten ISMS standards and their effect on cloud computing. In 2017 International Conference on Computing and Communication Technologies for Smart Nation (IC3TSN) (pp. 362-367). IEEE.
