An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity and BAU by pro-actively limiting the impact of a security breach.
Major Components of an ISMS
Scope and boundaries.
Information classification.
Risk Management Methodology.
Risk Treatment.
Statement of Applicability.
Incident Handling.
Physical Security.
Risk management and mitigation
Risk management and
mitigation deals with the various threats and various vulnerabilities to the
assets. Subsequently identification of assets and the risk associated with those
assets needs to be analysed and checked based on following points.
1. Need to check the threats which will in-turns cause the damage or misuse of information assets.
2. Explore the vulnerabilities of assets and associated controls .
3. The degree of damage to potential assets and information caused by threats.
4. How to mitigate from those threats , the gap analysis and if needed the cost-benefit may be done based on the requirement.
0 Comments