Lecture Notes ISMS
Information security management system
General objectives
To brief members on the concepts of information
security and the information security management system.
Archive Store
Modify Distribute
vice versa.
Examples of information
Names, addresses, phone numbers
Bank account numbers, credit card details
Personal details (health, etc.)
Designs, patents, technical research
Passwords
Plans
Intelligence (on criminal activities, hostile nations,
etc.)
Bids for contracts, market research, competitive
analysis
Security information (facilities plans, etc.)
Types of information media
Mails/e-mails
Database
People conversations
Websites/blogs/social networking sites
Memory sticks and flash disks
Papers (printed, handwritten, etc.)
Context of the organization
Understanding the organization and its
context.
The internal, external issues and interested
• Organizational structure
• Strategic objectives
• Internal stakeholders
• Contractual relationships
• Policies and governance
• Organizational culture
External issues
• Social culture
• Legal
• Technological
• Political
• Economic
• Competition
Interested parties
• Stakeholders
• Consumers
• Suppliers
• Competitors
• Intermediaries
Note: The scope shall be available as documented information, which must clearly show the
processes, boundaries and assets.
Defining the ISMS scope
The organization shall determine the
boundaries and applicability of the
information security management system to
establish its scope.
When defining the scope, we need to consider:
◦ The internal and external issues
◦ Needs and expectations of interested parties.
◦ Interfaces and dependencies between activities performed by the
organization and those that are performed by other organizations.
Example
To provide quality tertiary education through
teaching and research at main and town
campuses in Bangi.
It also includes consultancy and common
outreach services. Assets of the university are
human capital, land, infrastructure, state-of-the-art
equipment and use of enterprise
resources, planning to support the delivery of
its mandate.
LEADERSHIP
Leadership commitment
Top management shall demonstrate leadership and
commitment with respect to the ISMS by:
VC SIGNATURE
Risk-based thinking
Risk-based thinking describes the tools for
identifying and managing risks.
It also refers to a coordinated set of activities
and Threats).
P.E.S.T.E.L Analysis (Political, Economical, Social,