UnixTime

Research Note

Information Security Management System

An Information Security Management System is the structured set of policies, processes, roles, risks, controls, evidence, audits, management reviews, and improvement activities...

On this page

An Information Security Management System is the structured set of policies, processes, roles, risks, controls, evidence, audits, management reviews, and improvement activities used to manage information security.

Practical view

An ISMS connects:

  • organizational context;
  • interested parties;
  • ISMS scope;
  • risk assessment;
  • risk treatment;
  • control selection;
  • policies and procedures;
  • evidence of operation;
  • monitoring and measurement;
  • internal audit;
  • management review;
  • continual improvement.