ISMS implementation steps

The eight steps of ISMS implementation
    1. Gap analysis (optional)
    2. Establish an information security management organization
    3. Define the scope of the information security management system
    4. Identify and classify assets
    5. Risk analysis
    6. Risk management
    7. Internal audit
    8. Certification audit

Gap analysis -> scope definition -> asset identification and classification -> risk analysis -> risk disposal
                                       |
                                      internal audit-> certification audit

Gap analysis: an ISO 27001 gap analysis compares the organization's current information security management practices with the ISO 27001 benchmark control measures in order to identify the current gaps.
    1. Gain a clear understanding of the organization's current level of information security
    2. List the weak and missing information security control measures
    3. Identify the possible adverse effects of these weak security controls
    4. Assess how much money, time and personnel are needed to implement the control measures necessary for the information security management system


Origin blog.csdn.net/qq_43207781/article/details/105451128