Alternate Lab Assignment Paper

Information Security Management Systems (ISMS)

As technology evolves, companies are responsible for adapting and changing their operations accordingly. As technology advances, information security is one of the top priorities regardless of what type of business you are in. It is vital that a company forms specific controls and implements an effective information management system. Companies with larger database management needs, or other customer storage backup, might need a more extensive management system in order to keep the information secure. The important factors that go into implementing a strong information security management system include: specific company needs, the ISO/IEC 27001 framework definition, and proper utilization of the PDCA cycle.

Different companies adopt different systems depending on the processes and information handled by that specific company. The first step in implementing an ISMS is assessing the information security risks that could arise. This includes an evaluation of all business processes, files, databases, and any information storage devices (among other things) and listing them by the severity of risk they could introduce. The evaluation will give the company a good idea of which areas need security management systems. It can be done either by an internal risk management advisor or by hiring an external risk management company. Once the company's risks have been identified, the company can decide which ISMS would best benefit it and limit these risks.

The definition of an ISMS and the steps required to apply it are specifically explained by ISO/IEC 27001. There are 3 main steps for management to follow in order to achieve a successful ISMS. Management must “Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities and impacts”. This step is partially covered in the preceding paragraph. Most organizations have a number of security controls, but without a properly executed ISMS, they become disjointed and unorganized. These controls usually deal with aspects of IT or data security, but unfortunately leave non-IT information assets (such as paperwork and proprietary knowledge) less protected on the whole. The key is finding a