DISC InfoSec blog

Information Security Wordle: RFC2196 - Site Security Handbook (Photo credit: purpleslog)

1. Business managers of the organizations will make informed decisions regarding potential risk and should be able demonstrate compliance with standards and regulations such as SOX, GLBA, HIPAA, DPA to their critical information on regular basis.

2. An ISMS is a defensive mechanism to any APT (advanced persistent threat) to minimize the impact from these external threats of various cybercrime.

3. Informed information security decisions will be made based on risk assessment to implement technical, management, administrative and operational controls, which is the most cost effective way of reducing risk. Highest priority risks are tackled first to attain best ROI in information security.

4. Information security is not an IT responsibility; In general everybody in an organization is responsible for protecting information assets and more specifically business manager. The business manager may delegate their responsibility.

5. Organization will improve credibility and trust among internal stakeholder and external vendors. The credibility and trust are the key factors to win a business.

6. ISMS raises awareness throughout the business for information security risks, involve all employees throughout an organization and therefore lower the overall risk to the organization.

Related articles

• Achieve Best Practice & Win New Business with International IT Standards (deurainfosec.com)
• Great ISMS mindmap / diagram (spaceforit.com)
• Download the full version of the ITIL and/or ISO27001 toolkit today! (deurainfosec.com)
• Google Apps earns ISO 27001 certification (net-security.org)