Chapter 2. Using an Isms to Counter the Threats
According to the ISMS International User Group, an information security management system ‘is the means by which Senior Management monitors and controls their security, minimizing the residual business risk and ensuring that security continues to fulfil corporate, customer and legal requirements’. Simply put, an ISMS is a framework which management employs to ensure a structured approach is taken to identify the business risks posed against key information assets and how best to manage, eliminate or mitigate those risks.
An effective ISMS will be an integrated part of the overall management system within a company. This is to ensure that senior management is involved and is committed to the ISMS. ...
Get ISO27001 in a Windows® Environment: The best practice handbook for a Microsoft® Windows® environment, Second Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.