Information Security Management System
ISMS, or Information Security Management System, is a standard for information security. If you are able to follow the ISMS standard, you can declare that your company information is safe from leaks. So what is ISMS, and how do you implement it? I explain ISMS in this lens based on my experience as ISMS secretariat at my workplace.
Brief Explanation of ISMS
What do you need to know about ISMS?
To explain ISMS, I like to use the 5W + 1H concept.
1. What is ISMS?
- ISMS is short for Information Security Management System.
- It is an information security framework whose standards are defined in the ISO standard ISO17799.
The basic requirements are:
a. Establish the framework and publicize it to all employees.
b. Review and revise the security measures regularly.
2. Why do we need ISMS?
a. To protect company information. Remember, business depends on information, and damage to information can lead to suspension of business activity.
b. To set a standard of security management for "company information".
3. When do we need to practice ISMS?
For me, all the time, because we know company information and we must not disclose any company confidential or top secret information.
4. Who needs to control ISMS?
ISMS is a company requirement, so top management is responsible for managing it. Top management can appoint one senior member of the organization to lead the ISMS organization; we call this person the Chairman, for example. The ISMS Chairman can appoint his/her assistant.
In one company there are many departments or sections. The ISMS Chairman can appoint the head of each department or section to represent his/her department/section and be in charge of ISMS.
The Section Head/Department Head, whom we call the Information Manager, may get busy and need an assistant, so he/she can also appoint someone under him/her to assist. We call this person the Information Administrator.
So the ISMS policy and rules are passed from top management to the ISMS Chairman and down to the Information Manager, and the Information Manager needs to make sure the established policy or rules are made known to all his/her staff.
The Information Manager needs to make sure the policy or rules are executed and maintained at all times.
Top management can at the same time establish an ISMS Secretariat. The function of the ISMS Secretariat is to explain the ISMS policy or rules in detail to the Information Manager and Information Administrator. It is recommended that the ISMS Secretariat come from the IT section.
5. Where can employees get information on ISMS?
The company needs to provide a place where employees can get information on ISMS. It should be a place that everyone can access, like a notice board or the company intranet portal. The Internet is also a good place to find more information on ISMS.
6. How do you promote ISMS in a workplace?
Briefings and training can be conducted from time to time to make sure all employees are aware of ISMS.
In short, how do you explain Information Security?
In short, we can say ISMS consists of 3 important criteria:
1. Confidentiality
2. Integrity
3. Availability
1. Confidentiality
We have to ensure that information is accessible only to authorized users.
2. Integrity
We have to ensure that information is not altered or tampered with by unauthorized users.
3. Availability
We have to ensure that information is available to authorized users when it is needed.