Information Security Management System
An Information security management system (ISO 27001) is a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organization’s information security to achieve business objectives. ISMS helps in streamlining processes to protect information, effective data management and IT assets. There are 114 controls in ISO 27001, divided into 14 categories as mentioned below:
- Information security policies (2 controls)-make sure that policies are written and reviewed in line.
- Organization of information security (7 controls)-established a framework that can adequately implement and maintain information security
- Human resource security (6 controls)-make sure that employees and contractors understand their responsibilities.
- Asset management (10 controls)- identifying information assets, information classification, media handling.
- Access control (14 controls)-employees can only view information that’s relevant to their job.
- Cryptography (2 controls)-use cryptography properly and effectively to protect confidentiality, integrity & availability.
- Physical and environmental security (15 controls)-prevent unauthorized physical access, prevent the loss, damage or theft.
- Operations security (14 controls)-addresses operational procedures, malware, logging and monitoring, technical vulnerability.
- Communications security (7 controls)-concerns the way organizations protect information in networks.
- System acquisition, development, and maintenance (13 controls)-address the security requirements for internal systems as well as those that provide services over public networks.
- Supplier relationships (5 controls)-concerns the contractual agreements organizations have with 3rd parties.
- Information security incident management (7 controls)- how to manage and report security incidents
- Information security aspects of business continuity management (4 controls) -create an effective system to manage business disruptions
- Compliance (8 controls)- ensures that organizations identify relevant laws and regulations
ISMS preserves the confidentiality, integrity, and availability (CIA) of information by applying a risk management process and giving confidence to interested parties that risks are adequately managed.