Information security management Essay Example | Topics and Well Written Essays - 3000 words

Information security management - Essay Example The next key element is PLAN. The Plan defines the service level agreements as per business requirements, foundation of contracts, operational level agreements, and policy statements. All these components included in the planning are based on the requirements of the business. After the completion of control and plan, the next key element is to IMPLEMENT all these components. Implementation involves creating knowledge and consciousness along with categorization and listing of assets. Moreover, personnel security and physical security related to theft is implemented. Likewise, implementation element also involves security related to network, applications and computing devices. In addition, configuration and management of access rights and contingency planning of security incident processes is also a part of this element. All of the three elements control, plan and implement lays a foundation of a structure. After the deployment of ISMS structure, the next key element is EVALUATE. The e valuation consists of internal and external auditing of the processes that are implemented in the previous three phases. Moreover, self-assessment is also conducted, along with security incident evaluation. For instance, if there is a breach in security, the security management processes ensure to deal with security incidents. The last key element is MAINTAIN. This phase frequently monitors processes including security management, new threats, vulnerabilities and risks. These elements, do not only monitors these processes, but also improve processes where required , and if there are certain processes that needs to be improved, the ISMS cycle start from the first key element i.e. CONTROL. 1.1 ISMS Scoping A good definition of ISMS is available on www.praxiom.com, defined as â€Å"An information security management system (ISMS) includes all of the policies, procedures, plans, processes, practices, roles, responsibilities, resources, and structures that are used to protect and preser ve information. It includes all of the elements that organizations use to manage and control their information security risks. An ISMS is part of a larger management system†. The goal is to protect the information of the organization itself as well as its customers. The ISO/IEC has established two standards that emphasize of ISMS. The ISO/IEC 17799 is a code for information security management. It is the framework or a system that is based on certain processes, to ensure that organizations achieve their information security management objectives i.e. ISMS. The second standard is ISO/IEC 27001 is associated with several different factors including (, ISO/IEC 27001:2005 - Information technology -- Security techniques -- Information security management systems -- Requirements): Implemented in the organization to originate security requirements and goals Implemented within the organization in such a manner that security risk management bears less cost Implemented within the organi zation for guaranteed deployment of compliance with laws and regulations Implement a process framework within the organization for deployment and management of controls in order to meet particular security objectives Defining new processes