Home
Topics
Security management
Enterprise risk management strategies
information security management system (ISMS)

Definition

information security management system (ISMS)

An information security management system (ISMS) is a set of policies and procedures for systematically managing an organization's sensitive data. The goal of an ISMS is to minimize risk and ensure business continuity by pro-actively limiting the impact of a security breach.

An ISMS typically addresses employee behavior and processes as well as data and technology. It can be targeted towards a particular type of data, such as customer data, or it can be implemented in a comprehensive way that becomes part of the company's culture.

ISO 27001 is a specification for creating an ISMS. It does not mandate specific actions, but includes suggestions for documentation, internal audits, continual improvement, and corrective and preventive action.

Related glossary terms: Mahindra Special Services Group (MSSG) , Cyberoam, vulnerability and patch management , Seclore Technology (Seclore)

This was last updated in January 2011

Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSecurity.in-related news, tips and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

Can network security devices replace firewalls?

There are many new network security devices on the market today. Expert Chris Partsenidis opines on whether these can replace firewalls.
With DLP, encryption and integration strengthen security policies

Encryption and DLP integration can be used to enhance and strengthen security policies for sensitive data, and for blocking and enforcement actions.
Emerging threats include kinetic attack, offensive forensics: RSA 2013

At RSA 2013, experts Ed Skoudis and Johannes Ullrich explained how the SANS CyberCity supports offensive forensics and helps prevent kinetic attacks.

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

Research More Tech Terms

Search thousands of tech definitions
Browse tech definitions
Browse Alphabetically:
- A
- B
- C
- D
- E
- F
- G
- H
- I
- J
- K
- L
- M
- N
- O
- P
- Q
- R
- S
- T
- U
- V
- W
- X
- Y
- Z
- #

Powered by WhatIs.com

File Extensions and File Formats

File Extension and File Formats List:

A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
Z
#

Powered by WhatIs.com

More from Related TechTarget Sites

CIO
Data Center
Business Intelligence
Security
SMB Security
Financial Security

CIO
- Indian health care needs IT boost
  
  Health care providers in India will spend 57 billion rupees on IT products and services in 2013 compared to 53 billion rupees spent in 2012.
- Indian enterprises invest in IT for growth
  
  In 2013, Indian CIOs increasingly will spend money on IT aimed at helping their business grow, according to a joint survey from the CIO Klub and Ernst & Young India.
- As IT pervades the enterprise, here comes the chief procurement officer
  
  The rise of the chief procurement officer raises questions about the role of IT.
Data Center
- Making mainframe technology hip again
  
  IBM keeps improving mainframe technology, but what is the long-term forecast for big iron as third-party tools decline and mainframe experts retire?
- Determining the best Linux distribution for your enterprise
  
  There are many flavors of Linux, making the selection process for the best Linux distribution for your business difficult to whittle down.
- Cloud critical to e-governance in India
  
  The Government of India is expanding e-governance throughout the country and is working on embracing cloud computing for it.
searchBusinessIntelligenceIN
- Exploring the 'Big Data Frontier'
  
  IT business strategist Harvey Koeppel draws on historical data to explore the 'Big Data Frontier' and its potential to profoundly change the world.
- Making mobile BI applications a reality: Key steps to take
  
  In a podcast, BI expert William McKnight discusses best practices and action items for managing deployments of mobile business intelligence tools.
- Get execs to get it on the business value a BI program can bring
  
  Backing from top executives can be crucial on business intelligence projects, and BI managers shouldn't shy away from the challenge of getting them on board.
Security
- IT certification guide: Vendor-specific information security certifications
  
  Experts Ed Tittel and Mary Lemons provide a 2013 overview of vendor-specific information security certifications available.
- Introduction: Vendor-neutral security certifications for your career path
  
  Ed Tittel and Mary Lemons offer the definitive primer for vendor-neutral security certifications in 2013.
- SearchSecurity.com's IT security certifications guide
  
  Afraid of making a wrong turn in your career? Our newly updated 2013 guide to information security certifications maps out all your options.
searchMidmarketSecurity
- Windows Phone 7 security: Assessing WP7 security features
  
  Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.
- Choosing the best security certifications for your career
  
  Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
- Midmarket security tutorials
  
  SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.
searchFinancialSecurity
- PayPal CISO: Laws must foster better cybersecurity information sharing
  
  PayPal's Michael Barrett says many firms fear misuse of shared cybersecurity data. He also discusses the evolution of PCI DSS and mobile payment security.
- Cybergang plans to use Trojan against U.S. banks
  
  A cybergang in Eastern Europe revealed plans to attack U.S. banks with a Gozi-like Trojan, according to RSA.
- Improved Shylock Trojan targets banking users
  
  The latest variant of the banking Trojan is causing numerous problems, Symantec said.

All Rights Reserved,Copyright 2009 - 2013, TechTarget