
Friday, March 16, 2012

Important Concepts in Information Security Management

The following are some concepts that you need to know about Information Security Management for the ITIL exam.

Information Security Policy

The Information Security Policy should support and be aligned to the business security policy. It should include policies covering the use of IT assets, email, the internet, important documents, remote access, access by third parties (such as suppliers) and asset disposal. In addition, it defines the approach to resetting passwords, maintaining anti-virus controls and classifying information. These policies should be available to all customers and users as well as to IT staff, and compliance with the policy should be referenced in all internal agreements and external contracts. The policy should be reviewed and revised at least annually.

Information Security Management System

The Information Security Management System (ISMS — also referred to as the Security Framework) helps establish a cost-effective security program to support business objectives. The objective of the ISMS is to ensure that appropriate controls, tools and procedures are established to support the Information Security Policy.

The image below shows an example framework, widely used and based on the ISO 27001 standard, that gives the five stages of the ISMS and the scope of each stage.
