Difference between revisions 645456430 and 648897935 on enwiki

[[File:Risk Management Elements.jpg|thumb|Plan-Do-Check-Act Cycle]]
[[File:Isms framework.jpg|thumb|ENISA: Risk Management and ISMS activities]]
An '''information security management system'''<ref>{{cite web|title=Security management system’s usability key to easy adoption|url=http://www.sourcesecurity.com/news/articles/co-4108-ga.8554.html|publisher=sourcesecurity.com|accessdate=22 August 2013}}</ref> (ISMS) is a set of policies concerned with [[information security]] management or [[IT risk|IT-related risks]]. The term arose primarily out of [[BS 7799]].

The governing principle behind an ISMS is that an organization should design, implement and maintain a coherent set of policies, processes and systems to manage risks to its [[asset (computing)|information assets]], thus ensuring acceptable levels of information security risk.

== ISMS description ==
As with all management processes, an ISMS must remain effective and efficient in the long term, adapting to changes in the internal organization and the external environment. [[ISO/IEC 27001:2005]] therefore incorporated the "Plan-Do-Check-Act" ([[PDCA]]), or ''Deming'', cycle:
* The '''Plan''' phase designs the ISMS: it assesses information security risks and selects appropriate controls.
* The '''Do''' phase implements and operates the controls.
* The '''Check''' phase reviews and evaluates the performance (efficiency and effectiveness) of the ISMS.
* The '''Act''' phase makes changes where necessary to bring the ISMS back to peak performance.
The 2013 revision of the standard no longer mandates the PDCA model explicitly, but the same continual-improvement logic remains.

== See also ==
* [[Threat (computer)]]
* [[Vulnerability (computing)]]
* [[WARP (information security)]]

== Notes and references ==
<references/>

[[Category:Data security]]