Information Security Management System

Why Trust Techopedia

What Does Information Security Management System Mean?

An information security management system (ISMS) is a set of frameworks that contain policies and procedures for tackling security risks in an organization. The focus of an ISMS is to ensure business continuity by minimizing all security risks to information assets and limiting security breach impacts to a bare minimum.

Advertisements

Techopedia Explains Information Security Management System

BS7799, which is derived from ISO 17799, provides the necessary specifications for documenting, designing and implementing an ISMS.

An ISMS accounts for an organization’s different elements, such as:

  • Human resources (HR)
  • Organizational processes and procedures
  • Information and technologies

Key ISMS factors are:

  • Data integrity: Access restriction and protection of data from unauthorized resources
  • Availability: Organizational information available to authorized resources without any issues
  • Confidentiality: Protection of information from unauthorized resources

Benefits of implementing an ISMS are:

  • Decrease in downtime of IT systems
  • Decrease in security related incidents
  • Increase in meeting an organization’s compliance requirements and standards
  • Increase in customer satisfaction, demonstrating that security issues are tackled in the most appropriate manner
  • Increase in quality of service
  • Process approach adoption, which helps account for all legal and regulatory requirements
  • More easily identifiable and managed risks
  • Also covers information security (IS) (in addition to IT information security)
  • Provides a competitive edge to an organization with the help of tackling risks and managing resources/processes
Advertisements

Related Terms

Margaret Rouse
Editor

Margaret jest nagradzaną technical writerką, nauczycielką i wykładowczynią. Jest znana z tego, że potrafi w prostych słowach pzybliżyć złożone pojęcia techniczne słuchaczom ze świata biznesu. Od dwudziestu lat jej definicje pojęć z dziedziny IT są publikowane przez Que w encyklopedii terminów technologicznych, a także cytowane w artykułach ukazujących się w New York Times, w magazynie Time, USA Today, ZDNet, a także w magazynach PC i Discovery. Margaret dołączyła do zespołu Techopedii w roku 2011. Margaret lubi pomagać znaleźć wspólny język specjalistom ze świata biznesu i IT. W swojej pracy, jak sama mówi, buduje mosty między tymi dwiema domenami, w ten…