Is an information security management system the same as having a network security policy?

As our company grows, I'm realizing we need to have more IT security strategies in place. I'm curious to know whether an information security management system is the same as a network security policy, or whether a network security policy is part of an overall ISMS. Can anyone explain the difference, please?

Rick Freeman
CEO, Rick Freeman & Associates, LLC
Posted on May 19, 2010
An Information Security Management System (ISMS) is a combination of policies and procedures, combined with IT systems and applications, intended to manage risks to information assets. The purpose of an ISMS is to ensure acceptable levels of information security. An effective ISMS should adapt to changes in the organization as well as changes in the external environment. An ISMS is based on the ISO/IEC 27001 standards and follows the typical Plan, Do, Check, and Act (PDCA) approach:

• Plan: design the ISMS to assess information security risks and define appropriate controls.
• Do: implement and manage the controls.
• Check: review and evaluate the effectiveness and efficiency of the ISMS.
• Act: based on the evaluation (Check) phase, make changes to maximize the performance of the ISMS.
