Thursday, June 20, 2019

Information security management Essay Example | Topics and Well Written Essays - 3000 words

The next key element is PLAN. The Plan defines the service level agreements as per business requirements, the foundation of contracts, operational level agreements, and policy statements. All the components included in planning are founded on the requirements of the business. After control and plan are complete, the next key element is to IMPLEMENT all these components. Implementation involves creating knowledge and awareness, along with the categorization and listing of assets. Personnel security and physical security related to theft are also implemented. Likewise, the implementation element covers security related to the network, applications and computing devices. In addition, the configuration and management of access rights and the contingency planning of security mishap processes are part of this element. Together, the three elements, control, plan and implement, lay the foundation of a structure. After the deployment of the ISMS structure, the next key element is EVALUATE. This element consists of internal and external auditing of the processes implemented in the previous three phases. Self-assessment is also conducted, along with security incident evaluation. For instance, if there is a breach in security, the security management processes ensure that the security incident is dealt with. The last key element is MAINTAIN. This phase frequently monitors processes including security management, new threats, vulnerabilities and risks. It does not simply monitor these processes but also improves them where required, and if certain processes need to be improved, the ISMS cycle starts again from the first key element, i.e. CONTROL.
1.1 ISMS Scoping

A good definition of ISMS is available on www.praxiom.com: "An information security management system (ISMS) includes all of the policies, procedures, plans, processes, practices, roles, responsibilities, resources, and structures that are used to protect and preserve information. It includes all of the elements that organizations use to manage and control their information security risks. An ISMS is part of a larger management system." The goal is to protect the information of the organization itself as well as that of its customers. The ISO/IEC has established two standards that emphasize ISMS. ISO/IEC 17799 is a code for information security management. It is the framework or system, based on certain processes, that ensures organizations achieve their information security management objectives, i.e. ISMS. The second standard, ISO/IEC 27001, is associated with several different factors, including (ISO/IEC 27001:2005 - Information technology -- Security techniques -- Information security management systems -- Requirements):

- Implemented in the organization to originate security requirements and goals
- Implemented within the organization in such a manner that security risk management bears less cost
- Implemented within the organization for guaranteed deployment of compliance with laws and regulations
- Implement a process framework within the organization for deployment and management of controls in order to meet particular security objectives
- Defining new processes
