
information security management system (ISMS)

An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by proactively limiting the impact of a security breach.

An ISMS typically addresses employee behavior and processes as well as data and technology. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company's culture. 

ISO 27001 is a specification for creating an ISMS. It does not mandate specific actions, but includes suggestions for documentation, internal audits, continual improvement, and corrective and preventive action.

This was last updated in January 2011
