The study attempts to explain the methodologies and steps that need to be the focus when designing the information security management system for Welco. It also describes the ways in which managers can mitigate the risks that the company's security system will face and defines techniques for coping with them.
Table of Contents
Abstract
Introduction
Discussion
Information security process
Why information security is difficult?
ISMS and relevant standards
Designing ISMS
Terminology
Authorization and ownership
The environment
Building ISMS
Step - 1: Risk Assessment
Step - 2: Top down approach
Step - 3: Functional roles
Step - 4: Write the Policy
Step - 5: Write the Standards
Step - 6: Write the guidelines and procedures
Controls
Maintaining an ISMS
Activity implementation
Treatment of risks, selection of controls
Methodological Support Information System
Practical examples of ISMS
HIPAA
GLBA and BITS
Conclusion
Recommendation
References
Information Security Management Systems
Introduction
An Information Security Management System is the process through which the value of an organization's information assets is assessed and, where appropriate, protected on an ongoing basis. The organization's information is stored, used and transmitted through various media, some of which are tangible, such as paper, and some intangible, such as the ideas of the employees. Preserving the value of information therefore becomes a question of protecting the media in which it is contained.
Building information security management requires a systematic assessment of the systems, technologies and media used for information assets, an appraisal of the cost of security breaches, and the development of measures against threats. Put simply, the management of information security recognizes the organization's vulnerable spots and builds armour plating to protect them.
The diversity of media used for an organization's information assets is one difficulty to overcome in developing a security management system. There are many other difficulties, among them the following:
Effective information security measures often run counter to the mission of the organization. For example, the most secure way to keep a computer safe is to allow no access to the computer.
The need to respect the requirements of the users of the organization's information, so that employees can continue to do their jobs in an organized way.
Studies make clear that no single solution can cater to all security issues. The only way is to design a strategy that is fit for purpose and achieves a balance between the risks that are faced and the protections applied. This study will describe the risks that Welco may encounter in designing its security and will also address a design to cope with the risks it could face.
Discussion
Information is one of the main assets of organizations. The defence of this asset is an essential task to ensure the continuity and development of the business. It is also a legal requirement (protection of intellectual property, data protection, services for the information society), and it conveys confidence to customers and/or users. The greater the value of information, the greater the ...