What is a information security management system (ISMS)?
Information security is defined as the “preservation of confidentiality, integrity and/or availability (CIA) for information in any form”. Thus, an information security management system (ISMS) is simply a Management System (plan, do, check, act) umbrella over the “preservation of CIA”.
The international organization of standards (ISO) auditable requirements for information security management systems (ISMS) is known as ISO 270001. The entire ISO 27000 series of standards are all focused on information security including: vocabulary, definitions, implementation guidance for each ISO 27001 clause 4-10 generic requirements and specific controls for certain industries or types of assets.
