An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach.
An ISMS typically addresses employee behavior and processes as well as data and technology. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company's culture.
ISO27001 is a specification for creating an ISMS. It does not mandate specific actions, but includes suggestions for documentation, internal audits, continual improvement, and corrective and preventive action.
An information security management system is a set of policies concerned with information security management or IT-related risks, secure from adversaries.
Information Security Management (ISM) in a nutshell means management of information security. In most environments, GRC is the relevant function dealing with ISM issues.
Now to go to the core: Management = Governance. How is information managed? Through policies and procedures.
There can be many ways to manage information security. Risk management, as shown by ahmed elsherbeny, is part of the management process, and mostly efforts are drawn to provide visibility into information security.
Below is more comprehensive information.
http://en.wikipedia.org/wiki/Information_security_management_system
Definition by Wikipedia:
Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.
The risks to these assets can be calculated by analysis of the following issues:
Standards that are available to assist organizations in implementing the appropriate programmes and controls to mitigate these risks are, for example, BS7799/ISO17799, Information Technology Infrastructure Library (ITIL) and COBIT.