Communiquez avec les autres et partagez vos connaissances professionnelles

Inscrivez-vous ou connectez-vous pour rejoindre votre communauté professionnelle.

Suivre

What is Information Security Management?

user-image
Question ajoutée par Abdul-Hameed Deeb Al-Sawadi , IT Manager , Masaneed Commercial Group (MCG)
Date de publication: 2014/03/30
Gourab Mitra
par Gourab Mitra , Manager IT Project Program and Delivery Management(Full Time Contract/Consulting Role) , IXTEL(ixtel.com)

An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach. 

 

An ISMS typically addresses employee behavior and processes as well as data and technology. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company's culture. 

 

ISO27001 is a specification for creating an ISMS. It does not mandate specific actions, but includes suggestions for documentation, internal audits, continual improvement, and corrective and preventive action.

MASOOQUE ALI
par MASOOQUE ALI , PAYROLL OFFICER , Arabian Bemco Contracting Co. Ltd

An information security management  is a set of policies concerned with information security management or IT related risks

Arif Mohammad Abdul
par Arif Mohammad Abdul , Project coordinator for the Department of CSE in TKR College of Engineering and Technology , Engineering and Technology

secure from adversaries 

Ahmed Harris
par Ahmed Harris , Security Manager , KE Pakistan

Information Security Management (ISM) in a nutshell means management of information security. At most enviroment GRC is the relevent fuctions dealing with ISM issues.

Now to go to the core Management = Governance. How information is managed? Through polices and procedures.

There can be many ways to management information security, Risk management as shown by ahmed elsherbeny is part of the management process and mostly efforts are drawn to provide visiblity to infomation of information security.

Below is more comprehensive information.

http://en.wikipedia.org/wiki/Information_security_management_system

 

 

 

 

Ahmed Mohamad Mohamad Elsherbeny
par Ahmed Mohamad Mohamad Elsherbeny , Head of team , Egypt Penetration Testers

Definition by Wikipedia;

 

Information security management (ISM) describes controls that an organization needs to implement to ensure that it is sensibly managing these risks.

The risks to these assets can be calculated by analysis of the following issues:

  • Threats to your assets. These are unwanted events that could cause the deliberate or accidental loss, damage or misuse of the assets
  • Vulnerabilities. How susceptible your assets are to attack
  • Impact. The magnitude of the potential loss or the seriousness of the event.

Standards that are available to assist organizations implement the appropriate programmes and controls to mitigate these risks are for example BS7799/ISO17799, Information Technology Infrastructure Library and COBIT.