Information Security Management System

An ISMS (Information Security Management System) provides a model to create, implement, operate, monitor, review, maintain and improve the protection of information assets to achieve business objectives.

The basis of an ISMS lies in knowing the context of the organization, evaluating the risks, and setting the level of risk that the organization's Management determines to be acceptable, so that risks can be treated and managed effectively.

Analyzing the requirements for the protection of information assets and applying appropriate controls to ensure the protection of these information assets, as necessary, contributes to the successful implementation of an ISMS.

The fundamental principles that contribute to the successful implementation of an ISMS are:

1. Understand the organization, its context and the relevant elements that could affect the objectives of the ISMS.

2. Understand the needs of stakeholders.

3. Assign responsibilities and leadership for information security.

4. Provide information security training and awareness.

5. Secure the commitment and leadership of Management.

6. Carry out risk assessments to determine the current status and the appropriate strategies to accept (assume), transfer, avoid and/or reduce risk until an acceptable level of risk is reached.

7. Build security in as an essential element of networks and information systems.

8. Actively prevent and detect information security incidents.

9. Ensure a comprehensive approach to information security management.

10. Reassess information security regularly and apply modifications as appropriate.

11. Follow a continuous improvement approach.

Information security dimensions

According to ISO/IEC 27001, information security comprises at least the following three fundamental dimensions:

1. Confidentiality.

2. Availability.

3. Integrity.

Confidentiality means that information is accessible only to those who are authorized to access it.

Identity verification (authentication) and authorization are two of the mechanisms used to ensure the confidentiality of information.

Availability refers to access to information and its treatment systems by authorized users when required.

A lack of availability manifests itself mainly as:

1. Denial or repudiation of the service because there is no guarantee that it will be provided, on the part of either the service provider or the requester (unreliable identification controls, insufficient equipment performance, line congestion, among other possible causes).

2. Loss of information resource services due to natural disasters or equipment failures, breakdowns, the action of viruses, etc.

Integrity means maintaining the accuracy and completeness of the information and its processing methods.

Starting from these three fundamental dimensions, some organizations may need additional ones, such as traceability and authenticity for public bodies (with reference to the framework specified by the National Security Scheme), or non-repudiation in environments where encryption keys are used (e.g., the use of the DNI) as a guarantee against an entity or user later denying that certain transactions took place.

These dimensions, added to the fundamental ones of confidentiality, integrity and availability, are in any case an optional and particular extension based on the specific needs of each organization's ISMS, which each organization must assess; they are not a fundamental requirement of the ISO/IEC 27001 standard.

Establish, monitor, maintain and improve an ISMS

An organization needs to carry out the following steps for the establishment, control, maintenance and improvement of its ISMS:

1. Identify information assets and their associated security requirements.

2. Assess information security risks.

3. Select and apply the relevant controls to manage unacceptable risks.

4. Monitor, maintain and improve the effectiveness of the security controls associated with the organization's information assets.

To ensure the effective protection of the ISMS's information assets within the organization on a permanent basis, the four previous steps must be repeated continuously, so that the organization is in a position to identify changes in risks, in its strategies and/or in its business objectives.
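The four-step cycle above, together with the risk treatment options named in principle 6 (accept, transfer, avoid, reduce), can be made concrete with a small risk register. The following is an added worked example, not code from the original post or from ISO/IEC 27001: it scores each risk as likelihood times impact on assumed 1-5 scales, compares the score with an assumed management acceptance level, picks a treatment, and then re-checks residual risk after controls. The asset inventory, threats, scales, threshold and decision rules are all constructed for illustration; the standard does not prescribe any of them.

```python
"""Constructed ISMS risk-register example (added illustration, not from the post)."""
from dataclasses import dataclass
from typing import List, Optional

LIKELIHOOD_MAX = 5       # assumed 1-5 likelihood scale
IMPACT_MAX = 5           # assumed 1-5 impact scale
ACCEPTABLE_RISK = 6      # assumed acceptance level set by Management (score <= 6 is accepted)


@dataclass
class Asset:
    """Step 1: an information asset and its security requirement per dimension (C, I, A)."""
    name: str
    requirements: dict    # assumed requirement level 1-5 per dimension, e.g. {"C": 5, "I": 4, "A": 3}


@dataclass
class Risk:
    """Step 2: a threat against one dimension of an asset, with an optional control (step 3)."""
    asset: Asset
    threat: str
    dimension: str        # "C", "I" or "A"
    likelihood: int
    control: Optional[str] = None
    control_effect: int = 0   # assumed reduction in likelihood that the control provides

    def impact(self) -> int:
        # The impact of losing a dimension is driven by how demanding the requirement is.
        return self.asset.requirements[self.dimension]

    def inherent_score(self) -> int:
        return self.likelihood * self.impact()

    def residual_score(self) -> int:
        # Likelihood never drops below 1: a control reduces risk, it does not eliminate it.
        return max(1, self.likelihood - self.control_effect) * self.impact()


def treatment_for(risk: Risk, threshold: int = ACCEPTABLE_RISK) -> str:
    """Step 3: choose one of the four treatment options (assumed decision rules)."""
    if risk.inherent_score() <= threshold:
        return "accept"                      # within the level Management agreed to assume
    if risk.likelihood >= 4 and risk.impact() == IMPACT_MAX:
        return "avoid"                       # very likely and worst-case impact: stop the activity
    if risk.residual_score() <= threshold:
        return "reduce"                      # the selected control brings it to an acceptable level
    return "transfer"                        # still unacceptable after controls: insure, outsource, escalate


def review_cycle(risks: List[Risk], threshold: int = ACCEPTABLE_RISK) -> List[Risk]:
    """Step 4: re-check effectiveness; return risks whose residual score is still unacceptable."""
    return [r for r in risks if r.residual_score() > threshold]


# Constructed sample inventory for the example.
CUSTOMER_DB = Asset("customer database", {"C": 5, "I": 4, "A": 3})
PUBLIC_SITE = Asset("public website", {"C": 1, "I": 3, "A": 4})

SAMPLE_RISKS = [
    Risk(CUSTOMER_DB, "credential theft", "C", likelihood=3, control="MFA on all access", control_effect=2),
    Risk(PUBLIC_SITE, "volumetric DDoS", "A", likelihood=4, control="upstream DDoS filtering", control_effect=1),
    Risk(PUBLIC_SITE, "page defacement", "I", likelihood=2),
    Risk(CUSTOMER_DB, "ransomware outage", "A", likelihood=4, control="tested offline backups", control_effect=3),
]


def build_register(risks: List[Risk]) -> dict:
    """Return {threat: (inherent, residual, treatment)} for reporting to Management."""
    return {r.threat: (r.inherent_score(), r.residual_score(), treatment_for(r)) for r in risks}


if __name__ == "__main__":
    for threat, (inherent, residual, treatment) in build_register(SAMPLE_RISKS).items():
        print(f"{threat:<20} inherent={inherent:>2} residual={residual:>2} -> {treatment}")
    still_open = [r.threat for r in review_cycle(SAMPLE_RISKS)]
    print("still above acceptance level after controls:", still_open)
```

The register is what the continuous cycle in the text operates on: when an asset's requirements, a threat's likelihood, or the acceptance level changes, re-running `build_register` and `review_cycle` shows which treatments no longer hold.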
