1 / 29
Other keys: show •
Space: good •
1-4: rate •
0: skip •
5: flag •
6: invert
Question
What is an Information Security Management System (ISMS) and what is its purpose?
Answer
An ISMS is a set of rules and procedures that an organization uses to define, manage, control, maintain, and continuously improve information security.
An ISMS serves two main purposes:
- Protect assets — Ensure that the organization's assets and information are adequately protected
- Meet requirements — Fulfill legal, regulatory, industry, and market requirements
How it works in practice:
- Maintain a process for identifying and assessing information security risks
- Determine and implement controls
- Continuously improve over time
- Determine the protection needs of assets, define protective measures, and establish monitoring
Various standards (ISO 27001, BSI) provide frameworks for building an ISMS. Think of the ISMS not as a product you buy, but as an ongoing process that your organization runs.
Go deeper:
Information security management (Wikipedia) — das ISMS als Zusammenspiel aller Sicherheits-Elemente einer Organisation (Richtlinien, Verfahren, Ziele), das Technik und Menschen orchestriert.
or press any other key
Note saved — thanks!