
BRS ISMS: ISO/IEC 27001 / ISO/IEC 17799 security assessment team

BRS ISMS (Information Security Management System) provides security management system certification through an independent third-party assessment by competent professionals. BRS ISMS requires that organizations meet their legal obligations, regulatory requirements and contractual agreements; ISO/IEC 27001 serves as the management tool for that regulatory basis. BRS certification gives stakeholders confidence that the organization's information security management practices and methods are effective. The following areas of the ISMS need to be considered:

Security Policy – Establishes the basis for implementation and the directive relevant to the security and protection of information, consistent with business objectives, promoting continual competence and actions that enhance security.

Organizational Security – Requires implementation of the fundamentals needed to manage and control the flow of information under secure protocols, both within the organization's premises and in outsourced activities.

Classification and Control of Assets – Identification, evaluation and risk assessment of assets so that they are controlled and protected in proportion to the magnitude of their impact on business activities.

Security & Personnel – Providing guidance and awareness on internal and external threats in support of the policy and technostructure objectives, assisting the continuity of business activities so that information flows into knowledge.

Access Control and Systems (Physical & Micro Environment) – Controlling access to data and information so that the threat of intrusion is prevented, minimized or eliminated through network protection and standardized practices in the physical or virtual realm. Protection controls include wireless communication and technology, whether on-site or remote. In the 2013 version of the standard, organizations have freedom of choice in identifying, analyzing and controlling threats.

Computer & Network Management for Communications and Operations – Gives consideration to a standardized scheme that safeguards the integrity of information and data entered, retained and recoverable throughout the network environment, including supporting maintenance activities to reduce system failures and plan for contingencies.

Controls for Accessing – Establishing and maintaining the controls necessary to access and communicate information through a network (Wi-Fi, LAN, ...).

Business Requirements for Controlling Access – Information security requires controls that grant access to system assets and information only to those who need and are authorized to use them.

Development and Maintenance; Hardware, Software and Firmware – Implementing security as an integral component of the organization's routine activities so that confidentiality and authenticity support the integrity of the information; this includes maintaining updates and patches and evaluating technology to avoid the impact of its discontinuance.

Physical and Security Environment – The physical security of the premises is an integral component of a successful information security strategy, assisting in the achievement of the security policy by minimizing the impact on business continuity of any breach in the physical or virtual environment.

Compliance – Identify and establish responsibilities and provide awareness relevant to regulatory obligations and their implications and impact (in the USA, consider HIPAA, Sarbanes-Oxley and Gramm-Leach-Bliley, among many other sector-specific rules, and their national equivalents elsewhere).

Business Continuity Management – Requires strategic planning, testing, and reliable continuance of operations through a disaster recovery policy.

Further, the investigative process is typically a three-step plan:

  1. Initial Analysis: investigate causes and effects.
  2. Coordination: coordinate with the investigative team, including those affected or potentially affecting the incident, and identify the action(s) to take.
  3. Decision: implement mitigation, restore the affected system promptly, and act on the most viable preventive measures and their implementation.

Copyright BRS 2017
Last Modified 10 June, 2017