DEFINITION OF INFORMATION SECURITY MANAGEMENT SYSTEM (ISMS)
Define Business Objectives, Scope of ISMS
- Information Risk Assessment
- Business Process
- Information Asset Identification
- Technical Risk Assessment
- A metrics-based system to evaluate risk and track it through the lifecycle.
RISK IDENTIFICATION & MITIGATION
Evaluate the Identified Risks to either Accept, Avoid, Transfer, Delegate
- Conduct a Gap Analysis
- Design Information Security Policies
- Define Business Continuity Management
- Design Security Architecture
ISMS ROLLOUT & IMPLEMENTATION
- Identify Information Security Team
- Allocate Roles and Responsibilities to carry out the implementation.
- Carry out Awareness Sessions.
- Carry out internal and external audits to assess readiness.
Auditors look for Objective Evidence
- They carry out audits and set time frames for closing the non-conformances identified.
- The ISMS is a continuously evolving process that aims to mature over time.
- Tracking processes and risks continuously across the organization helps the ISMS mature.