Difference between revisions 645084323 and 645456430 on enwiki

[[File:Risk Management Elements.jpg|thumb|Plan-Do-Check-Act Cycle]]
[[File:Isms framework.jpg|thumb|ENISA: Risk Management and Isms activities]]
An '''information security management system'''<ref>{{cite web|title=Security management system’s usability key to easy adoption|url=http://www.sourcesecurity.com/news/articles/co-4108-ga.8554.html|publisher=sourcesecurity.com|accessdate=22 August 2013}}</ref>  (ISMS) is a set of policies concerned with [[information securi(contracted; show full)

These facts inevitably lead to the conclusion that '''security administration is a management issue, and not a purely technical issue'''.<ref name=ENISAFULL/>

The establishment, maintenance and continuous update of an ISMS provide a strong indication that a company is using a systematic approach for the identification, assessment and management of information security risks. 
'''Critical factors of ISMS:'''

* '''[[Confidentiality]]''': Protecting information from unauthorized parties.
* '''[[Data integrity|Integrity]]''': Protecting information from modification by unauthorized users.
* '''[[Availability]]''': Making the information available to authorized users.

A company will be capable of successfully addressing information '''confidentiality''', '''integrity''' and '''availability''' (CIA) requirements, which in turn have implications for:

* business continuity;
* minimization of damages and losses;
* competitive edge;
* profitability and cash-flow;
* respected organization image;
* legal compliance
(contracted; show full)
* [[Threat (computer)]]
* [[Vulnerability (computing)]]
* [[WARP (information security)]]

== Notes and references ==
<references/>

[[Category:Data security]]