HOW TO IMPLEMENT A ROBUST INFORMATION SECURITY MANAGEMENT SYSTEM?
An Information Security Management System (ISMS) is the set of processes an organization implements and maintains to manage the protection of its information efficiently, ensuring in doing so its integrity, confidentiality and availability. You may follow the guidelines set out in ISO 27001, COBIT, NIST or any other similar framework, or you may create your own management system. What matters in making the ISMS efficient is to work through all four stages of the cycle: plan, implement, monitor and improve.
1. PLAN AND ESTABLISH
Define the steps to follow, the assets to be protected, how they will be protected and who will be in charge.
This stage requires that the following be established:
• Those responsible for security
• Critical processes to protect and their scope
• Information security policies
• Resources needed for operation, maintenance and improvement
2. IMPLEMENT AND MANAGE
Put in place all the controls established during planning and manage security as part of daily operations.
• Qualitative and quantitative evaluation of risks
• Risk treatment
  o Mitigate
  o Eliminate
  o Transfer
  o Accept
• Application of security controls
  o Technical
  o Physical
  o Administrative
• Security management plans
  o DRP (disaster recovery plan)
  o BCP (business continuity plan)
  o IRP (incident response plan)
• Awareness campaigns
• Definition of control metrics
3. MONITOR AND MEASURE
Check that the measures in place are functioning correctly, and measure the success of the management system against the parameters set in advance.
• Security audits
  o Review of compliance with standards
  o Assessment of vulnerabilities
  o Penetration tests
  o Gap analysis
  o Maturity levels
• Review of the ISMS against its metrics
4. MAINTAIN AND IMPROVE
Once the results obtained have been verified and measured, improvements, which are themselves planned, put in place and reviewed, must be fed back into the process.
• Treatment of non-conformities: address non-compliance
• Corrective actions for permanent improvement
www.eset.com | www.welivesecurity.com