ISM (Information Security Management) is a set of measures aimed at creating and maintaining a stable infrastructure. ISM covers information storage, access to that information, and user accounting.
Information security audit
The ISM structure is a broad set of processes and organizational measures that protect information exchange between the user and the service provider. The model provides information security for the organization's infrastructure at different levels of data processing and provision.
There are 3 key components that require the provision of information security. They are considered the foundation for effective information security management:
- Secrecy (confidentiality). A set of measures that delimit the levels of access to data for specific business entities, following clearly defined regulations.
- Integrity. Stored information remains unchanged, except when it is modified by users who have the right to do so or have been granted special powers.
- Availability. Protocols through which specific users can get prompt and stable access to stored data.
Information security models are chosen with the specifics of the business in mind. In other words, the model changes for each situation depending on the requirements for the informatization object. The most effective methods involve ensuring the safety of every process in the organization. They treat security as a single process that excludes access to information by unauthorized persons.
Components
ISM elements that are considered mandatory:
- Compliance with the rules of the information security policy when creating and including data in the business environment.
- The need to perform all business processes according to security requirements.
- Creation and use of a special set of protocols that prevent the risk of unauthorized access to the company's information systems. They also prevent failures and loss of information.
- Logging of any incidents and failures that occurred during operation, as well as their consequences (the "damage").
- Identification of vulnerable parts in corporate processes of the enterprise.
- Systematic research and modernization of protection mechanisms with their further connection to all corporate elements.
All the ISM elements described above must be consistent with each other. Changes to this structure must also be agreed upon between the customer and the ISM service provider.