- An International Standard that specifies the requirements for establishing implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
- It is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
o Security Policy: addresses management support, commitment & direction in accomplishing information security goal.
o Asset management: addresses the way assets are grouped, handled and stored.
o Human Resources Security: addresses an organization’s ability to mitigate risk inherent in human interactions, including staffing, training, security responsibilities.
o Physical & Environmental Security: addresses risk inherent to organizational premises and the ability of physical infrastructure to protect the assets.
o Communications & Operations Management: addresses an organization’s ability to ensure correct and secure operation of its assets, including configuration, changes, administration
o Access Control: addresses an organization’s ability to control access to assets based on business and security requirements
o Information Security Incident Management: addresses an organization’s ability to record, investigate and take corrective measures
o Business Continuity Management: addresses an organization’s ability to counteract interruptions to normal operations, due to disasters
o Compliance: addresses an organization’s ability to remain in compliance with regulatory, statutory, contractual, and security requirements
Benefits :
- Information security protects information from a wide range of threats in order to ensure business continuity, minimize business damage and maximize return on investment and business opportunities
• Every organization will have a differing set of requirements in terms of control requirements and the level of confidentiality, integrity and availability
• Comforts customers, employees, trading partners and stakeholders – in the knowledge that your management information and systems are secure.
• Demonstrates credibility and trust.
• Can lead to cost savings. Even a single information security breach can involve significant costs.
• Establishes that relevant laws and regulations are being met.
• Ensures that a commitment to Information Security exists at all levels throughout an organization
• Asset Management
Applicability :
- It can be applicable to all organization that is having information like software companies, commercial enterprises, government agencies, non-profit organizations