Abstract

News about various information security attacks against companies appears almost every day. The sources of these attacks vary from cyber-criminals who want to steal companies' data to demand a ransom, to current or former employees who want to damage the organization. The best way to defend an organization's critical assets is to implement an Information Security Management System that secures all sensitive assets from the confidentiality, availability and integrity perspectives. An Information Security Management System offers top management a framework for controlling the flow of sensitive information. This framework includes a risk assessment that considers the security threats to and vulnerabilities of the company's assets. Companies usually implement an Information Security Management System only after they have a functional quality management system, which brings clarity and optimization to the company's processes. Current approaches to the creation and implementation of an effective Information Security Management System are very theoretical and thus difficult to use in practice. The main objective of this paper is to present an Information Security Management System implementation method for the case of a small company by defining the basic steps in achieving a fully functional Information Security Management System. The proposed methodology considers top management's Information Security Management System objectives, the organizational context, risk assessment and the fulfillment of third-party expectations.

Highlights

  • Any organization is exposed to various information security attacks that can target its sensitive information

  • A high number of Information Security Management System (ISMS) deficiencies have been found in the sampled companies from the study, after the first iteration of their chosen ISMS implementation methodology

  • Most of the deficiencies were found in the human resource process due to the lack of commitment of the employees, and in the IT process due to the short implementation time


Summary

Introduction

Any organization is exposed to various information security attacks that can target its sensitive information. These attacks are possible because vulnerabilities can be exploited by specific threats; the result of such exploitation is an impact on the financial state and the reputation of the company. As a company may already have several management systems in place before the ISMS, it is crucial to integrate this management system with the existing ones so that the organizational processes remain effective. The purpose of this integration is to have one single management system that manages all the challenges of the company, including the security ones. The ISMS must have an internal integration between its components: strategy, people, organization and technology (AlHogail, 2015).
