<abstract xmlns="http://www.w3.org/1999/xhtml"><p> News about various information security attacks against companies appears almost every day. The sources of these attacks vary from cyber-criminals who want to steal companies’ data to demand a ransom, to current or former employees who want to create damage to the organization. The best way to defend organizational critical assets is to implement an Information Security Management System that secures all sensitive assets from confidentiality, availability and integrity perspective. An Information Security Management System offers top management a framework for sensitive information flow control. This framework includes with a risk assessment that considers the security threats and vulnerabilities of the company’s assets. Companies usually implement Information Security Management System only after they have a functional quality management system, which brings clarity and optimization to the company’s processes. Current approaches on creation and implementation of effective Information Security Management System are very theoretical and thus difficult to use in practice. The main objective of this paper is to present an Information Security Management System implementation method in the case of a small company by defining the basic steps in achieving a fully functional Information Security Management System. The proposed methodology considers the top management Information Security Management System objectives, organizational context, risks assessment and third parties expectations fulfillment.</p></abstract>

News about various information security attacks against companies appears almost every day. The sources of these attacks vary from cyber-criminals who want to steal companies’ data to demand a ransom, to current or former employees who want to create damage to the organization. The best way to defend organizational critical assets is to implement an Information Security Management System that secures all sensitive assets from confidentiality, availability and integrity perspective. An Information Security Management System offers top management a framework for sensitive information flow control. This framework includes with a risk assessment that considers the security threats and vulnerabilities of the company’s assets. Companies usually implement Information Security Management System only after they have a functional quality management system, which brings clarity and optimization to the company’s processes. Current approaches on creation and implementation of effective Information Security Management System are very theoretical and thus difficult to use in practice. The main objective of this paper is to present an Information Security Management System implementation method in the case of a small company by defining the basic steps in achieving a fully functional Information Security Management System. The proposed methodology considers the top management Information Security Management System objectives, organizational context, risks assessment and third parties expectations fulfillment.

Considerations on the implementation steps for an information security management system

Proceedings of the International Conference on Business Excellence

This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.

News about various information security attacks against companies appears almost every day. The sources of these attacks vary from cyber-criminals who want to...

Considerations on the implementation steps for an information security management system

Online veröffentlicht: 15. Juni 2018

Seitenbereich: 476 - 485

DOI: https://doi.org/10.2478/picbe-2018-0043

Schlüsselwörter
information security management system, ISMS implementation steps, ISMS implementation methodology, Organizational security, ISMS for small and medium enterprises, protection of company’s data, ISMS design

© 2018 Răzvan Cristian Ionescu, published by Sciendo

This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.

Considerations on the implementation steps for an information security management system

Online veröffentlicht: 15. Juni 2018

Seitenbereich: 476 - 485

DOI: https://doi.org/10.2478/picbe-2018-0043

Schlüsselwörterinformation security management system, ISMS implementation steps, ISMS implementation methodology, Organizational security, ISMS for small and medium enterprises, protection of company’s data, ISMS design

© 2018 Răzvan Cristian Ionescu, published by Sciendo

This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.

Schlüsselwörter
information security management system, ISMS implementation steps, ISMS implementation methodology, Organizational security, ISMS for small and medium enterprises, protection of company’s data, ISMS design