Difference between revisions 697390393 and 700650762 on enwiki

[[File:Risk Management Elements.jpg|thumb|Plan-Do-Check-Act Cycle]]
[[File:Isms framework.jpg|thumb|ENISA: Risk management and ISMS activities]]
An '''information security management system'''<ref>{{cite web|title=Security management system’s usability key to easy adoption|url=http://www.sourcesecurity.com/news/articles/co-4108-ga.8554.html|publisher=sourcesecurity.com|accessdate=22 August 2013}}</ref> (ISMS) is a set of policies concerned with [[information securi
* The '''Do''' phase involves implementing and operating the controls.
* The objective of the '''Check''' phase is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.
* In the '''Act''' phase, changes are made where necessary to bring the ISMS back to peak performance.

[[ISO/IEC 27001:2005]] is a risk-based information security standard, which means that organizations need to have a risk management process in place. The risk management process fits into the [[PDCA]] model given above.<ref>{{cite journal|last=Humphreys|first=Edward|title=Information security management system standards|journal=Datenschutz und Datensicherheit - DuD|date=8 March 2011|volume=35|issue=1|pages=7–11|doi=10.1007/s11623-011-0004-3}}</ref>

* [[Vulnerability (computing)]]
* [[WARP (information security)]]

== Notes and references ==
<references/>

{{Authority control}}
[[Category:Data security]]