An Information Security Management System is the structured set of policies, processes, roles, risks, controls, evidence, audits, management reviews, and improvement activities used to manage information security.
Practical view
An ISMS connects:
- organizational context;
- interested parties;
- ISMS scope;
- risk assessment;
- risk treatment;
- control selection;
- policies and procedures;
- evidence of operation;
- monitoring and measurement;
- internal audit;
- management review;
- continual improvement.
Related notes
- Isms
- Iso27001
Note Metadata
Aliases: ISMS
Source: 01 Fundamentals/Information Security Management System.md
Related Notes
- Annex A and the Statement of Applicability
- Field of Application, Usage, and Compliance
- Information Security Policy
- Internal Audit
- ISO 27001 Clauses 4-10 vs Annex A
- Management Review
- Risk Assessment
- Statement of Applicability
- ISO 27001 A.5.5 - Contact with Authorities
- ISO 27001 A.5.7 - Threat Intelligence
- ISO 27001 A.5.8 - Information Security in Project Management
- ISO 27001 A.5.9 - Inventory of Information and Other Associated Assets
- ISMS Implementation Roadmap
- ISO 27001 Implementer Guide
- ISO 27005 Risk Process Notes
- ISO 27001 Knowledge Base
- ISO 27001 Overview