What is ISMS, CIA Triad

Information Security Management System (ISMS)

An Information Security Management System (ISMS) is a management system made up of multiple interacting components.

What is information?

As per ISO/IEC 27000:
“Information (knowledge or data) is an asset which, like other important business assets is of value to an organization and consequently needs to be suitably protected”.

Information can be:

  • Created, Stored
  • Modified, Destroyed
  • Processed, Transmitted
  • Used, Lost, Corrupted

Information Security: Preservation of Confidentiality, Integrity and Availability (CIA) of information.
In addition, other properties, such as authenticity, accountability, non-repudiation, and reliability, can also be involved.

CIA Triad

Confidentiality is the degree to which access to information is restricted to a defined group authorized to have that access.
Integrity is the degree to which the information is up to date and free of errors (correctness and completeness).
Availability is the degree to which information is available to the user, and to the information system in operation, at the moment the organization requires it.

Information Security – Is it Management or Technology?

80% Management, i.e. IS policy, processes, etc.

and

20% Technology, i.e. tools, firewalls, servers, components, etc.

The goal of an ISMS is to achieve the organization's information security objectives (and manage its information security risks) in a structured and effective way.

By designing, implementing, managing, and maintaining an ISMS, organizations can protect their confidential, personal, and sensitive data from being compromised.

The components that constitute an ISMS include:

  • Policies
  • Processes
  • Procedures
  • Roles & Responsibilities

Why the need for ISMS?

  • Senior Management – Wants to know the current status of information security in the organization.
  • Security Incidents – The nature of threats is changing and security incidents are growing day by day. Hence it is important to protect the business from threats.
  • Marketing – Gives a competitive edge when marketing products/services with security built in.
  • Clients / Stakeholders – Requirements in contracts and conditions in RFPs.
