Information Security Management System (ISMS) program is a cybersecurity framework that helps organizations consistently and proactively protect their information assets. ISMS program is established under a cybersecurity governance roof that oversees cybersecurity activities with the following cybersecurity artifacts:
ISMS program leverages industry accepted frameworks, standards and best practices including ISO 27000 series, NIST, TOGAF, SABSA, Cloud Security Alliance, COBIT, and COSO. ISMS program also leverages regulatory compliance mandate and guidelines including PCI DSS, GDPR, PIPEDA, and OSFI.
Information Assets - identify which systems, data, hardware, software, cloud services, network infrastructure and business capabilities need to be protected. The following artifacts will guide how information assets should be governed:
Vulnerabilities - identify vulnerabilities associated with the information assets. The following artifacts will guide how vulnerabilities should be identified:
Vulnerability Management Standard
Vulnerability Management Process and Procedures
Threats - identify threats and threat actors that might impact the security posture of your organization's information assets. The following artifacts will guide how threats and threat actors should be identified:
Cybersecurity Controls - identify which security controls (countermeasures) are established and their effectiveness. The following artifacts will guide how cybersecurity controls and their effectiveness should be identified:
Data Security
Identity Access Management
Protective Cybersecurity Technology
Cybersecurity Training and Awareness
Security Anomalies and Events
Cybersecurity Monitoring
Cybersecurity Detective Technology
Detection Process and Procedures