
Information Security Management System (ISMS): what is it?

It is a series of steps that allows companies to assess risks and define the control
applications necessary to eliminate or minimize their negative consequences.
At the same time, it guarantees the privacy and integrity of the data that a business
manages and allows it to gain a greater degree of trust from its clients when it complies
with legal regulations regarding data protection.

CHARACTERISTICS
What is it based on

Integrity
The information must always remain accurate and unalterable, as well as the processes in charge of using it.

Confidentiality
The data handled by the company is confidential and cannot be disclosed to third parties (other companies, entities or persons).

Availability
It refers to the possibility that authorized people, companies or processes can access business information.

DEMING CYCLE
How does it work

Plan
In the initial phase, an evaluation of all the risks and threats to the information that occurs in the different areas of the company is carried out.

Do
In this phase, the selection of appropriate controls to measure the risks is implemented.

Check
In this phase, the efficiency and effectiveness should be evaluated and reviewed. Through KPI (metrics associated with objectives).

Act
In this last phase, the necessary corrections or changes are applied to the system to get the most out of it.

IMPLEMENTATION METHOD
Main steps

1 Evaluation
Submit systems and infrastructure and information security for evaluation.

2 Planning
Plan and study the options for the implementation of the ISMS through the hiring of a consultant.

3 Documentation
It consists of gathering all the relevant documentation to feed the knowledge base and grouping it by activities and logical tasks in a determined time.

4 Organization
Organize the policies and documentation by phases of execution and organization of the project.

5 Presentation
This step collects the results of the evaluation phase, defines the treatment of the risks detected and declares the applicability or not of the controls.

6 Deployment and commissioning
Once the ISMS is approved, it is launched and applied to each of the processes and in this way it becomes a fundamental part of the organization.

BENEFITS

Risk reduction
Identifies risks and threats thanks to controls, protocols, monitoring of processes and information.

Cost reduction
Optimizes the entire process to evaluate and detect threats, discarding those that are ineffective.

Integration of security in the business
This system implies the safety of each of the components as the main priority.

Increased competitiveness
With this system there will be a prestigious ISO security certification that will be a differentiating element with the competition.

ADVANTAGES

The companies that obtain the ISO 27001 certificate are distinguished by their secure and accurate treatment of all the data they handle and guarantee that an information security system is used, which is an international standard to protect the privacy and integrity of the information.
