Implementing an Information Security Management System (ISMS) for ABC Organization

Added on  2019-09-20

About This Document

This assignment focuses on implementing an Information Security Management System (ISMS) for ABC organization to address major shortcomings in its management of information security. It includes defining the scope of the ISMS, preparing an information security policy statement, carrying out a risk assessment, proposing responses to identified risks, and selecting information security controls.

Assignment 2

The organisation ABC has suffered 3 information security related breaches in the past 18 months and wants to implement an Information Security Management System (ISMS) to address major shortcomings in its management of information security.

You have been recruited as the Chief Information Security Officer (CISO) and your first task is to prepare a plan for implementing an ISMS within ABC, with the long-term aim of achieving ISO 27001 certification.

For the purpose of this assignment you are being asked to complete a number of tasks associated with the planning stage of an ISMS.

Note: The organisation you choose as ABC can be in any industry or sector. It can be a real organisation you are familiar with or a made-up organisation. You will need to clearly describe the organisation and its systems when you define the scope of the ISMS.

Your assignment should incorporate all of the following elements:

Define the Scope of the ISMS. The scope of the ISMS describes the boundaries of the ISMS in terms of organisational characteristics such as location(s), business functions, assets, and technology. It should include a list of important business functions that are critical to the organisation’s mission and survival. It should also include a list of important information, information technology and system assets.

Prepare an information security policy statement for your chosen organisation. This should include a statement of management commitment as well as setting out the organisation’s approach to managing information security.

Carry out a risk assessment that should identify at least 12 information security risks to your chosen organisation, its network, systems and information. Use one of the risk assessment models such as NIST SP 800-30. Identify relevant threat events and sources and determine their relevance. Identify vulnerabilities (and their severity) within the organisation that could be exploited by the threat events you identified. You should select vulnerabilities that are appropriate to your chosen organisation. Determine the likelihood of the threat events occurring and being successful, and the type and magnitude of the