What is the Information Security Management system?
- Part of the overall management system, based on business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security (ISO definition)
Note: The management system includes organizational structure, policies, planning activities, responsibilities, practices, procedures, processes and resources.
- Influenced by the organization’s needs and objectives, security requirements, the processes employed and the size and structure of the organization.