Information Security Management





An Information Security Management System (ISMS) is a management system based on a systematic business risk approach, to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security.

Information Security Management System (ISMS) is the name given to a comprehensive framework by which business enterprises and other organizations can appropriately manage information while protecting classified information. It is not limited to computer system security measures: it offers a total risk management system that includes basic policies (security policies) for the handling of information, concrete plans based on those policies, implementation and operation of the plans, and periodic reassessment of objectives and plans.

An Information Security Management System is applicable to commercial enterprises, government agencies and non-profit organizations. It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall risk management processes. It also specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.

Please refer to: ProITsec

Focus Area