O.M. Hiran Kanishka Chandrasena, Page 9 of 16
Information Security Management System

7. Information systems, development and maintenance
Security requirement maintenance objectives: Make security, availability and integrity part of the information system. Prevent errors, loss, damage and unauthorized access to the information system.

8. Information security incident management
Management of information security incidents and improvements objectives: Ensure an effective and consistent approach to the management of information security incidents, with timely communication and corrective action for the information system.

9. Information security incident management
Report information security & incident management objectives: Information security events and system weaknesses associated with the communication systems are reported in a way that allows timely, accurate action to be taken on the event, so that an effective approach and the relevant measures are applied to information security incidents.

10. Business control management
Information security characteristics of business continuity management objective: Defend the critical business processes against interruptions of business activities that can result from major failures of the management system controls.

11. Compliance
Compliance with legal requirements objectives: Avoid breaches of security law, of contractual responsibilities for the security requirements, and of the information structural policies and standards.
Figure 4.3.2 ISO reach the goals

4.4 Advantages of the ISMS certification to organization

- Provides the operational process for the information security plan in the organization
- Provides best practices, applied independently, to manage the organization's conformity
- Enhances information security with authority within the organization
- Issues evidence and assurance that the organization reaches the requirements of the standard
- Enhances the organization's global arranging and company reputation
- Gives information security authority through the policy of the organization
- Escalation levels of information security
- Framework for legal and regulatory requirements
- Provides commencements to secure business
- Provides a comparative edge
- Reduces the time and effort of internal and external audits
5 Risk Assessing Information Security

The information security Risk Management System (RMS) was integrated in the U.S. government in 1999. This RMS provides a risk management cycle with the following charters:

Figure 5.1 Risk Management System Cycle

Risk Assessment: Decision making requires information for understanding the factors that affect the operation of the inputs and outputs of the company's processes. This includes identifying threats and the estimated chance of their occurrence. Based on past data, it identifies the value of the assets that may become potential victims, and identifies the costs involved in taking action on risk results and in properly implementing the resulting controls.