Term of the Day
An Information Security Management System (ISMS) is a framework of policies and procedures for safeguarding an organization's sensitive data. The primary goal of an ISMS is to ensure business continuity by proactively limiting security breaches, sudden impacts, and any other risks affecting the business.
ISO 27001 is published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), which is why it is formally cited as ISO/IEC 27001. It outlines the requirements an organization can follow to protect the security of its information assets. ISO 27001 is designed around the PDCA (Plan-Do-Check-Act) model:
- Plan - Identify the problem and collect data to establish the security risks and vulnerabilities.
- Do - Deploy the planned security policy and process, and gauge the outcome of the planned procedures.
- Check - Monitor the effectiveness of the implemented policy and controls, comparing the outcomes before and after the solution was implemented.
- Act - Document the results, take corrective action where the check found gaps, and note the changes to be implemented during the next PDCA cycle.
Organizations in sectors such as healthcare, financial services, or the military operate under tight regulations and policies, and may need a broad scope of security activities and risk-mitigation strategies. Such organizations can follow the ISO 27001 guidelines, an internationally recognized standard that sets the requirements for an ISMS.