Information Security Management System

The ISMS concept is linked to ISO 27001 specification. It involves the following steps. First 3D; Define scope and boundaries

Define ISMS policy

Define the risk assessment approach Then RMICAAP stuff;

Identify the risks

Analyse and evaluate the risks

Risk Treatment

Select control objectives and activities And finally some disclosure type stuff

Gain management approval for residual risks

Obtain management approval for the ISMS

Prepare a statement of applicability In the statement of applicability justifications must be provided for not selecting particular controls. Certification of the above must take place annually.