Implementing ISMS for ABC Organisation

Verified

Added on 2019/09/20

AI Summary

The assignment is to plan the implementation of an Information Security Management System (ISMS) for a fictional organization, ABC, which has suffered three information security breaches in the past 18 months. As the Chief Information Security Officer (CISO), the task is to prepare a plan to achieve ISO 27001 certification by defining the scope of the ISMS, creating an information security policy statement, conducting a risk assessment, and selecting controls to mitigate identified risks.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Assignment 2
The organisation ABC has suffered 3 information security related breaches in the past 18
months and wants to implement an Information Security Management System (ISMS) to
address major shortcomings in its management of information security.
You have been recruited as the Chief Information Security Officer (CISO) and your first task
is to prepare a plan for implementing an ISMS within ABC, with the long term aim of
achieving ISO 27001 certification.
For the purpose of this assignment you are being asked to complete a number of tasks
associated with the planning stage of an ISMS.
Note: The organisation you choose as ABC can be in any industry or sector. It can be a real
organisation you are familiar with or a made-up organisation. You will need to clearly
describe the organisation and its systems when you define the scope of the ISMS.
Your assignment should incorporate all of the following elements:
• Define the Scope of the ISMS. The scope of the ISMS describes the boundaries of the
ISMS in terms of organisational characteristics such as location(s), business functions,
assets, and technology. It should include a list of important business functions that are
critical to the organisation’s mission and survival. It should also include a list of
important information, information technology and system assets.
• Prepare an information security policy statement for you chosen organisation. This
should include a statement of management commitment as well as setting out the
organisation’s approach to managing information security.
• Carry out a risk assessment that should identify at least 12 information security risks to
you chosen organisation, its network, systems and information. Use one of the risk
assessment models such as NIST SP 800-30. Identify relevant threat events and sources
and determine their relevance. Identify vulnerabilities (and their severity) within the
organisation that could be exploited by the threat events you identified. You should select
vulnerabilities that are appropriate to your chosen organisation. Determine the likelihood
of the threat events occurring and being successful, and the type and magnitude of the

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

adverse impacts to the organisation. Finally determine the level of each risk to the
organisation.
• Describe how you propose to respond to the risks you identified in the risk assessment.
Justify the response you have chosen for each risk. At least 6 of the risks should require
mitigation.
• Select information security controls to address the risks you have identified that need to
be mitigated. To address a particular risk you will typically require a number of controls.
Use the ISO 27002 list of controls and reference each controls selected (e.g. 7.1.1
Inventory of assets). Briefly describe how you would implement each of the selected
controls. You should include policies, procedures and technical controls.
Make whatever logical assumptions about the organisation ABC, its information systems and
its information security that you feel are necessary to give you adequate scope to complete
this assignment
• 3000 words (excluding Bibliography and Appendices).

1 out of 2

+13062052269

info@desklib.com

Implementing ISMS for ABC Organisation

Contribute Materials

Secure Best Marks with AI Grader

Related Documents

Managing IT Security and Risk

Cyber security Planning and Compliance (pdf)

Policy Management | Overview of Models

Importance of Information Governance and Cyber Security Threats

Risk of using BYOD in ABC Company

Technology Solution Individual Assignment