How to plan the implementation of an ISMS

Information security objectives and planning to achieve them

The organization shall establish information security objectives at the relevant functions and levels.

Information security objectives shall:

1.            Be consistent with the information security policy.

2.            Be measurable (if possible) by calculating economic, personnel and execution time costs.

3.            Take into account the applicable information security requirements, the results of the risk assessment and the risk treatment.

4.            Be communicated.

5.            Be updated, as appropriate. Normally, the security objectives are defined annually after the meeting of the Security Committee and usually include training, application of new controls to reduce the level of risk and improvements of the controls already applied.

The organization will retain documented information on the information security objectives.

When planning how to achieve its information security objectives, the organization must determine, as follows:

1.            What will be done.

2.            What resources will be needed.

3.            Who will be responsible.

4.            When the objectives will be considered achieved.

5.            How the results will be evaluated.

Measures to address risks and opportunities

When planning the Information Security Management System , the organization must take into account the context, both internal and external, and the problems that derive from it and that may affect its ability to achieve the proposed objectives. In addition, it will take into account the interested parties and the requirements of each of them in relation to information security.

Based on this, you will be able to determine the risks and opportunities of your Information Security Management System, taking into account that the fundamental objectives when addressing risks and opportunities are:

1.            Ensure that the Information Security Management System can achieve the objectives set.

2.            Prevent or reduce unwanted effects.

3.            Achieve continuous improvement.

Once the risks and opportunities of the ISMS have been defined, the following can be planned:

1.            Actions to deal with risks and opportunities.

2.            The way of:

1.            Integrate and implement corrective actions.

2.            Evaluate the effectiveness of these actions.

3.            Know the fundamental aspects of risk assessment.

Planning and operational control

The organization must:

1.            Plan, execute and control the processes necessary to meet information security requirements and to implement actions to address risks and opportunities:

1.            Ensuring that the Information Security Management System can achieve its result.

2.            Preventing or reducing unwanted effects.

3.            Achieving continuous improvement.

4.            Actions to address these risks and opportunities.

2.            Implement plans to achieve information security objectives. The organization must establish information security objectives at the relevant functions and levels, which must:

1.            Be consistent with the information security policy.

2.            Be measurable.

3.            Take into account the applicable information security requirements and the results of risk assessment and risk treatment.

4.            Be communicated and updated, as appropriate.

3.            Maintain documented information to the extent necessary to have confidence that processes have been carried out as planned.

4.            Monitor planned changes and review the consequences of unwanted changes, taking steps to mitigate potential adverse effects, as necessary.

5.            Ensuring that outsourced security processes are determined and controlled.

  menshealthupdates   womensdayblog  usweeklyblog  myfavouriteceleb  technologydominator

Popular posts from this blog

Government defense and security

Image
    Computers in government office speed up these tasks because they contain a lot of software, such as word processing software, PPTs, spreadsheets, and database administration programs. Computers are used by all government departments in their daily working life for different purposes such as booking tickets in railway services, recording cases in police stations, checking traffic lights, etc., to complete tasks quickly and efficiently. Government organizations depend on computer and Internet technologies to respond quickly to thousands of residents' requests. Computer and online systems allow different government authoritie to respond immediately to the various demands of businesses and other organizations. State department use computers to distribute salaries, grants, scholarships, health insurance to respective citizens of society. The government regularly hires IT administrators to maintain various types of records. These records are kept in large database, which...
Read more

Benefits & Limitations of Laptops

Image
Users often ask whether they should choose a laptop or a desktop. The answer is, it really depends on IT practices and the day-to-day responsibilities of users. Laptop are more expensive, so we want to make sure that users who request a laptop make good use of it. For example, if you are someone who need to travel, whether on campus or traveling off campus, a laptop is a good option for you. For example, professors, vice-presidents, principals, or anyone who attends many meetings where they want to access their applications and files or take notes through their computer. In addition, coaches, admissions counselors, and development officers can make good use of a laptop. On the other hand, users who mostly perform their tasks at their desks and rarely travel would benefit more from a desktop with more resources and larger screens. Benefits: Unsurprisingly, the main advantage of a laptop is its portability. Those traveling for work or attending regular campus meetings can bring their...
Read more

COMPUTERS AND OUR LIVES: HOW HAVE COMPUTERS CHANGED OUR LIVES?

Image
   Computers and their uses have developed rapidly and widely throughout the world. They are used to dealing with many tasks due to their different potentials. It helps to solve the problems that human life encounters in daily life. Therefore, they have more influence in our life. The impact of computer use in our lives is obviously identified as saving money, time and effort. To understand the depth of computer intervention in human life, take a look at developments in communication, education, utility facilities, and healthcare. Computers and our lives: How have computers changed our lives? During the last 3 decades, the computer has been recognized as the most successful and successful invention to solve the problems of human life. Today, where businesses are run, you will find the application of computer use. Look at the education, health, transportation or communications sector, we can see the influence and application of the computer. It is difficult to survive a bus...
Read more