Roadmap

Information security management - basic principles

What information security management is and why it is critical to an organisation.

An Information Security Management System (ISMS) is a structured approach to protecting the organisation's information, systems and processes. It comprises policies, procedures, risk management, controls and assigned responsibilities.

An ISMS helps the organisation manage its information security risks, ensure compliance with requirements and continuously improve its level of security.

Key principles:

  1. Management responsibility: management provides support, resources and clear assignment of responsibilities.
  2. Risk-based approach: security controls are selected according to the risks identified.
  3. Continuous improvement: the ISMS is regularly reviewed and improved following the Plan-Do-Check-Act (PDCA) principle [1].
  4. Compliance with requirements: the law, contractual obligations and applicable standards are respected.

Related frameworks:

  • ISO/IEC 27001:2022: the ISMS requirements standard.
  • COBIT 2019: the IT governance framework.
  • NIST CSF 2.0: the cyber security functions Govern, Identify, Protect, Detect, Respond and Recover.