SWS2 Securing Information Systems
# Securing Information Systems
ISMS:

- ISO/IEC 27000 family
- NIST Risk Management Framework
- BSI 2000 family

An ISMS is a systemic approach to managing information so that it remains secure. (It is not an application.) It includes people, processes and IT systems, and works by applying risk management processes. Information security risk is managed and kept at an acceptable level by designing, implementing and maintaining a coherent set of security controls.

Our focus: security controls.

Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets.