ISMS Information security management system

1. ISMS Information security management system

2. contents WHAT IS ISMS WHY ISMS ISMS STANDARD PURPOSE OF ISMS BENEFITS OF ISMS ADVANTAGES OF ISMS

3. What is ISMS An information security management system (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. Certification of an organization’s isms ensures that the organization has a model for establishing, implementing, operating, reviewing, maintaining and improving the security of information including those of customer, held by the organization. The implemented ISMS ensure handling of overall business risks by implementation of security controls customized to the needs of the organization thus increasing the productivity of the people and enhancing corporate image. .

4. Why isms Why do we need ISMS? Organizations and their information systems and networks are exposed with security THREATS such as fraud, fire, flood from a wide range of sources. The increasing number of security breaches has led to increasing information security concerns among organizations worldwide. ACHIEVING INFORMATION SECURITY is a huge challenge for organization as it CANNOT BE ACHIEVED THROUGH TECHNOLOGICAL MEANS ALONE, and should never be implemented in a way that is either out of line with the organization’s approach to risk or which undermines or creates difficulties for its business operations. Thus there is a need to look at information security from a HOLISTIC PERSPECTIVE, and to have an information security management methodology to protect information systematically. This is where the need for ISMS comes in.

5. What standard should be referred to for isms implementation iso/iec 27001:2005 Iso/iec 27002:2005 ISO/IEC 27001:2005:- ISO/IEC 27001:2005 is the Requirements for Information Security Management Systems. It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks. The ISMS processes are based on the following Plan-Do-Check-Act model:

6. Iso/iec 20071:2005

7. Iso/iec27002:2005 ISO/IEC 27002:2005 is the Code of Practice for Information Security Management. It provides a catalogue of controls that can be implemented for ISMS. The standard comprises of 11 security areas, 39 controls objectives and 133 controls.

8. Purpose of isms 1. In many cases, the executives have no idea as to how information security can help their organization, so the main purpose of the policy is that the top management defines what it wants to achieve with information security. 2. The second purpose is to create a document that the executives will find easy to understand, and with which they will be able to control everything that is happening within the isms – they don’t need to know the details of, say, risk assessment, but they do need to know who is responsible for the isms, and what to expect from it.

9. Advantages Increase in business as customers / suppliers recognize a trusted partner Independently demonstrates that applicable laws and regulations are observed Business differentiator providing competitive advantage over similar organizations Compliance with legislation Improved management control Provide a structured way of managing information security within an organisation Increase the level of information security in the organization. Enhance the organization’s global positioning and reputation.

10. BENEFITS OF ISMS Proves senior management’s commitment to the security of its information improved risk management. Contingency planning A positive response from potential customers Ensure management commitment Can be integrated with other management systems Reduce the risk of information and hence cost of breaches Cost-effective and consistent information security

11. THANK YOU