ISO 27001:2013 is the revised version of the ISMS standard. It is built on enterprise risk assessment and requires an understanding of the organization's internal and external context (its "issues" and interested parties) so that all relevant types of risk are addressed.
A road map for an Information Security Management System:
- Create a security council
- Define the scope of the ISMS
- Define the security policy
- Risk assessment
  - Identify assets
  - Identify threats and vulnerabilities
  - Evaluate probability and impact
  - Calculate the risk value
- Risk management
  - Identify controls to manage the risks
  - Implement the controls (processes)
  - Evaluate the controls periodically
  - Improve