Involve your Team
Initiate the first round of discussions with your employees at all levels and build an information security profile of your organisation: what information it handles, who depends on it, and what would hurt if it were disclosed, altered or unavailable.
Define the Scope of your Implementation
ISMS stands for Information Security Management System. At the outset it is important to define its scope and boundaries, whether that is the whole company, one department, one floor, or even a single process. Everything that follows, from the asset inventory to the Statement of Applicability, is judged against this scope, so state clearly what is in and what is out.
Get Started with a Risk Assessment
Define and document the risk assessment approach before you start. ISO/IEC 27005, the part of the 27000 series dedicated to information security risk management, is the natural reference. Whatever method you choose, ISO/IEC 27001 requires that it produce consistent, valid and comparable results, so fix your scales for impact and likelihood and your risk acceptance criteria up front, and apply them the same way to every asset.
Identify your Information Assets
Inventory both the tangible and intangible assets within the scope of your ISMS. These range from people and buildings to information, software, hardware, services and reputation, and each asset should have an owner who is accountable for it.
Assess the Risk to the Assets
Perform a risk assessment for each asset within the scope of your Information Security Management System. For every asset, identify the relevant threats, the vulnerabilities that would let each threat materialise, the impact on the organisation if it did, and the probability of it happening. The combination of impact and probability gives the level of risk, which is then compared against the acceptance criteria you defined earlier.
Design a Risk Management Strategy
A risk is a threat exploiting a vulnerability of an asset, with a resulting impact on the organisation. For each risk above your acceptance threshold, decide how to treat it: reduce it with controls, avoid the activity, share it (for example through insurance or a supplier), or formally accept it. Select controls from Annex A of ISO/IEC 27001 that reduce the identified risks; implementation guidance for these controls is given in ISO/IEC 27002. You may also need to define your own specific controls where Annex A does not cover a risk, and ISO/IEC 27001 allows this as long as the choice is justified.
Produce the Risk Assessment outputs required by ISO/IEC 27001
The most important document is the Statement of Applicability (SoA). It lists every control selected for the scope, states why each control was included or excluded, and records whether it is implemented. Together with the risk assessment report and the risk treatment plan, it ties each identified risk to the controls that treat it, and it is the document an auditor will work through first.
Training and Awareness
Develop a customised, focused information security training programme to build awareness of information security for everybody in your company, with content tailored to what each role actually handles.
Get ready for Business Continuity planning
The Risk Assessment is only one of three steps required for a full implementation of ISO/IEC 27001. The other two are Business Continuity planning and the development of the organisational manual: the policies, processes and procedures that describe how the ISMS operates and that the auditor will check against.
This information was provided by Svana Helen Bjornsdottir, ISO/IEC 27001 Lead Auditor and CEO of Stiki Information Security.
To find out more about implementing risk management, visit www.riskmanagementstudio.com