Information Security Management System
Assign topic to the user
Would you advise (feasible) and what recommendations would you give during or after the design of the ISMS an application be developed to carry out an automated and adequate management and monitoring of information security, with traceability when implementing an Information Security Management System ( ISMS)?
Please note that while some activities, like risk assessment and internal audit, require a lot of analysis and evaluation work to be done, and it is not possible to automate them, because some decisions require a human feeling and perception of the business environment that a machine cannot properly evaluate, some activities you can be automated, such as:
- collect data from existing databases (e.g. to help identity assets if an asset-threat-vulnerability risk assessment approach is used)
- compare data gathered with risk level limits to warn about risks that require further analysis
- organize and present data for decision making.
Considering that, in the development of an ISMS application to fulfill your needs, you need first identify which requirements this application needs to meet, to see the level of automation you can reach, and if this is enough for your purposes.
This article will provide you a further explanation about the use of tools:
- When to use tools for ISO 27001/ISO 22301 and when to avoid them https://advisera.com/conformio/blog/2021/06/24/toolkit-vs-conformio-which-is-more-applicable-for-my-company/
Comment as guest or Sign in
Sep 16, 2020