ISM Framework for Information Security

Uploaded by popobhowmik
Copyright © All Rights Reserved

ITIL - Information Security Management

Information Security Management (ISM) ensures confidentiality, authenticity, non-repudiation,
integrity, and availability of organization data and IT services. It also ensures reasonable use of
the organization's information resources and appropriate management of information security risks.

Information Security Manager is the process owner of this process.

Information security is considered to be met when −

Information is observed by or disclosed to only authorized persons

Information is complete, accurate and protected against unauthorized access (integrity)

Information is available and usable when required, and the systems providing the
information resist attack and recover from or prevent failures (availability)

Business transactions, as well as information exchanges between enterprises or with
partners, can be trusted (authenticity and non-repudiation)

ISM Security Policy


ISM security policies are required to cover all areas of security, be appropriate, meet the needs
of the business, and include the policies shown in the following diagram −

ISM Framework

ISM Process

The following diagram shows the entire process of Information Security Management (ISM) −

Key elements in ISM Framework


The ISM framework involves the following key elements −

Control

The objective of the Control element is to −

Establish an organization structure to prepare, approve and implement the information
security policy

Allocate responsibilities

Establish and control documentation

Plan

The purpose of this element is to devise and recommend the appropriate security measures,
based on an understanding of the requirements of the organization.

Implement

This key element ensures that appropriate procedures, tools and controls are in place to underpin
the security policy.

Evaluation

The objective of the Evaluation element is to −

Carry out regular audits of the technical security of IT systems

Supervise and check compliance with the security policy and the security requirements in SLAs
and OLAs

Maintain

The objective of the Maintain element is to −

Improve on security agreements as specified in, for example, SLAs and OLAs

Improve the implementation of security measures and controls

Preventive

This key element ensures that security incidents are prevented from occurring. Measures such as
control of access rights, authorization, identification, authentication and access control are
required for these preventive security measures to be effective.

Reductive

It deals with minimizing any possible damage that may occur.

Detective

It is important to detect any security incident as soon as possible.

Repressive

This measure is used to counteract any repetition of a security incident.

Corrective

This measure ensures damage is repaired as far as possible.
