Six steps to the establishment of an Information Security Management System (ISMS)

1. Define the scope of the ISMS.

2. Define the information security policy.

3. Define a systematic approach to risk assessment and the risk acceptance criteria.

4. Carry out a risk assessment to identify, within the context of the policy and ISMS scope, the important information assets of the organization and the risks to them. This is where you assess the risks.

5. Identify and evaluate options for the treatment of these risks, selecting, where required, the control objectives and controls to be implemented.

6. Prepare a statement of applicability.
