ISMS - Information Security Management System

An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and to ensure business continuity and business as usual (BAU) by proactively limiting the impact of a security breach.

Major Components of an ISMS
Scope and boundaries.
Information classification.
Risk Management Methodology.
Risk Treatment.
Statement of Applicability.
Incident Handling.
Physical Security.

Risk management and mitigation
Risk management and mitigation deals with the threats to, and the vulnerabilities of, the organization's assets. The assets must first be identified; the risks associated with them are then analysed and checked against the following points.

1. Identify the threats that could cause damage to, or misuse of, the information assets.
2. Explore the vulnerabilities of the assets and the controls associated with them.
3. Assess the degree of damage that those threats could cause to the assets and the information they hold.
4. Decide how to mitigate those threats: carry out a gap analysis and, where the requirement justifies it, a cost-benefit analysis.
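The four points above describe a procedure but no scoring method. The following is an added example (not from the original page) of a small risk register that walks through them for one asset: it records the threat and vulnerability, scores likelihood and impact on an assumed 1-5 scale, lists the controls that are not yet in place (the gap analysis), and tests each missing control's cost against the expected loss it would avoid. The probability table, the scale, and the sample figures are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# Likelihood scale 1..5 mapped to an assumed annual probability (assumption, not from the page)
LIKELIHOOD_PROB = {1: 0.05, 2: 0.20, 3: 0.50, 4: 0.80, 5: 0.95}


@dataclass
class Control:
    name: str
    annual_cost: float               # assumed yearly cost of operating the control
    likelihood_reduction: int = 0    # points taken off the 1..5 likelihood scale
    impact_reduction: int = 0        # points taken off the 1..5 impact scale
    implemented: bool = False        # False means the control is a gap today


@dataclass
class Risk:
    asset: str
    threat: str            # step 1: what could damage or misuse the asset
    vulnerability: str     # step 2: the weakness the threat would use
    likelihood: int        # 1 (rare) .. 5 (almost certain)
    impact: int            # step 3: degree of damage, 1 (negligible) .. 5 (severe)
    asset_value: float     # assumed monetary value of the asset
    controls: List[Control] = field(default_factory=list)


def clamp(value: int) -> int:
    """Keep a score on the 1..5 scale."""
    return max(1, min(5, value))


def residual(risk: Risk, extra: Optional[Control] = None) -> tuple:
    """Likelihood and impact after the implemented controls (plus an optional candidate)."""
    active = [c for c in risk.controls if c.implemented]
    if extra is not None:
        active.append(extra)
    likelihood = clamp(risk.likelihood - sum(c.likelihood_reduction for c in active))
    impact = clamp(risk.impact - sum(c.impact_reduction for c in active))
    return likelihood, impact


def expected_annual_loss(risk: Risk, likelihood: int, impact: int) -> float:
    """Rough annualised loss: probability of the threat times the share of asset value lost."""
    return risk.asset_value * LIKELIHOOD_PROB[likelihood] * impact / 5


def assess(risk: Risk) -> dict:
    """Steps 1-4: score the risk, list control gaps, and test each gap control's cost-benefit."""
    likelihood, impact = residual(risk)
    current_loss = expected_annual_loss(risk, likelihood, impact)
    gaps = [c for c in risk.controls if not c.implemented]
    cost_benefit = []
    for c in gaps:
        # each candidate is judged on its own against today's residual position
        cl, ci = residual(risk, extra=c)
        benefit = current_loss - expected_annual_loss(risk, cl, ci)
        cost_benefit.append({
            "control": c.name,
            "annual_benefit": round(benefit, 2),
            "annual_cost": c.annual_cost,
            "recommended": benefit > c.annual_cost,
        })
    return {
        "asset": risk.asset,
        "inherent_score": risk.likelihood * risk.impact,
        "residual_score": likelihood * impact,
        "expected_annual_loss": round(current_loss, 2),
        "gaps": [c.name for c in gaps],
        "cost_benefit": cost_benefit,
    }


# Constructed sample register entry (not real data)
SAMPLE = Risk(
    asset="customer database",
    threat="ransomware",
    vulnerability="unpatched file server",
    likelihood=4,
    impact=5,
    asset_value=500_000.0,
    controls=[
        Control("patch management", 15_000.0, likelihood_reduction=2, implemented=True),
        Control("offline backups", 20_000.0, impact_reduction=3),
        Control("24x7 monitoring", 150_000.0, likelihood_reduction=1),
    ],
)

if __name__ == "__main__":
    import json
    print(json.dumps(assess(SAMPLE), indent=2))
```

With the sample figures the inherent score of 20 drops to a residual 10 once patch management is counted, the two unimplemented controls show up as gaps, and only the backups pass the cost-benefit test: they avoid more expected loss than they cost, whereas the monitoring service costs more per year than the loss it would prevent. Candidates are evaluated one at a time against the current position; a real treatment plan would also consider them in combination.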