An Information Security Management System (ISMS) is a set of policies concerned with information management. The key concept of ISMS is for an organization to design, implement and maintain processes and systems for effectively managing information accessibility, thus ensuring the confidentiality, integrity and availability of information assets and minimizing information security risks. All training, implementation of anti-virus software, firewalls, and laptop safety policies fall under ISMS.

The best way to create and maintain an ISMS is to follow a “Plan-Do-Check-Act” policy. The ‘plan’ phase helps you determine what needs to be done, such as install a firewall or anti-virus program. The ‘do’ phase implements these controls. In other words, such software is installed. The ‘check’ phase allows you to review and evaluate these security measures to determine if they are effective. Finally, the ‘act’ phase allows you to make the necessary changes.

Items to Consider for an ISMS:

• Anti-Virus Software
• Firewalls
• Passwords
• Free software download policies
• Blocking email embedded links
• Email filters
• Separate work and personal email policies
• Email naming system policies
• Purchasing online policies
• Encryption
• Old hardware policies
• Updating programs with patches
• Authentication processes
• Privilege Access processes

Concerned about your company’s Internet security?