a systematic approach for managing and protecting a company's information. The ISMS represents a set of policies, procedures, and other controls that set the information security rules in an organization.
Benefits
• Reduce the chances of security breaches within the IT environment
• Control of IT risks
• Confidentiality of information
• Minimization of IT risks, possible damage and consequential costs
• Lower costs
Requirements
• Understand the context of the organization and the expectations of interested parties regarding the ISMS
• Define the scope of the ISMS
• Management shall demonstrate commitment with respect to the ISMS
Challenges
• Decide the scope which shall be chosen for the ISMS
• Involve management and provide evidence of management commitment
ISO Requirements: Document Management
Requirements
• Document the information required by the standard (e.g. Scope, Security policy, etc.)
• Review and control documented information
Challenges
• Keep the ISMS documentation up to date
• Ensure that documents were communicated to the appropriate people
• Provide evidence of approvals
Risk Management
Requirements
• Identify and evaluate risks
• Provide risk mitigation
Challenges
• Choose a risk management method and tool for an effective risk register
• Involve subject matter experts for risk identification and evaluation
• Obtain Information Owners' approval for risk treatment or acceptance
ISO Requirements:
Requirements
• Measurements
• Internal audit
• Regular management reviews
Challenges
• Create and maintain comprehensive metrics to measure objectives
• Choose the Internal Audit Team and set requirements
• Obtain feedback from management
ISO Requirements:
Requirements
• Detect non-conformities
• Provide corrections and improvements
Challenges
• Non-conformities shall be analyzed for root causes
• Provide not only corrective actions, but also preventive actions
Annex A Controls
• Statement of Applicability