Activity 2 - ISMS

Financial risk management

Information security management

Environmental management

Quality management

ISO 27001

ISO 27003

ISO 27005

ISO 27004

Information security risk assessment methodology

Guidance on implementing an Information Security Management System (ISMS)

Security controls for data protection

Metrics and reporting of ISMS effectiveness

The requirement for a full-time Chief Information Security Officer (CISO)

A stronger emphasis on the involvement of top management in the ISMS

Introduction of a dedicated security department

Mandating employee cybersecurity awareness training

Information security management framework

Guidance on security control testing

Monitoring and measurement of the ISMS

Implementation of cryptographic controls

To identify, evaluate, and treat information security risks

To monitor the effectiveness of security policies

To measure the financial impact of security incidents

To define the organizational structure for information security

To create backup systems for information storage

To safeguard personal data from unauthorized access

To ensure ongoing confidentiality, integrity, and availability of data

To ensure compliance with local regulations only

Reviewing the effectiveness of security controls

Establishing the information security objectives

Implementing the ISMS policies and controls

Conducting internal and external audits

Cloud Security, Business Continuity, Physical security of hardware

Web Filtering, Threat Intelligence, Data Leakage Prevention

Access Control, Web Filtering, BCP Drill

Outsource Development, BYOD, Threat Intelligence

Ensuring systems are developed in compliance with ISO 27001 standards

Managing risks associated with the acquisition and ongoing development of information systems

Enforcing continuous monitoring of system vulnerabilities

Ensuring that all software used by an organization is open-source