Ask a question to Desklib · AI bot
Implementing an Information Security Management System (ISMS) for ABC Organization
Added on -2019-09-20
This assignment focuses on implementing an Information Security Management System (ISMS) for ABC organization to address major shortcomings in its management of information security. It includes defining the scope of the ISMS, preparing an information security policy statement, carrying out a risk assessment, proposing responses to identified risks, and selecting information security controls.
| 2 pages
| 593 words
| 260 views
Trusted by 2+ million users,
1000+ happy students everyday
Assignment 2 The organisation ABC has suffered 3 information security related breaches in the past 18months and wants to implement an Information Security Management System (ISMS) toaddress major shortcomings in its management of information security. You have been recruited as the Chief Information Security Officer (CISO) and your first taskis to prepare a plan for implementing an ISMS within ABC, with the long term aim ofachieving ISO 27001 certification. For the purpose of this assignment you are being asked to complete a number of tasksassociated with the planning stage of an ISMS. Note: The organisation you choose as ABC can be in any industry or sector. It can be a realorganisation you are familiar with or a made-up organisation. You will need to clearlydescribe the organisation and its systems when you define the scope of the ISMS. Your assignment should incorporate all of the following elements: •Define the Scope of the ISMS. The scope of the ISMS describes the boundaries of theISMS in terms of organisational characteristics such as location(s), business functions,assets, and technology. It should include a list of important business functions that arecritical to the organisation’s mission and survival. It should also include a list ofimportant information, information technology and system assets. •Prepare an information security policy statement for you chosen organisation. Thisshould include a statement of management commitment as well as setting out theorganisation’s approach to managing information security. •Carry out a risk assessment that should identify at least 12 information security risks toyou chosen organisation, its network, systems and information. Use one of the riskassessment models such as NIST SP 800-30. Identify relevant threat events and sourcesand determine their relevance. Identify vulnerabilities (and their severity) within theorganisation that could be exploited by the threat events you identified. You should selectvulnerabilities that are appropriate to your chosen organisation. Determine the likelihoodof the threat events occurring and being successful, and the type and magnitude of the
Found this document preview useful?
You are reading a preview
Upload your documents to download
or
Become a Desklib member to get accesss
Paid Plans
Free Plan
Single Unlock
Monthly Plan
Yearly Plan