Management system
Set of interrelated or interacting elements of an organisation used to establish policies and objectives, and the processes needed to achieve those objectives
Information Security Management System (ISMS)
Systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation’s information security, based on a risk assessment and the organisation’s risk acceptance levels, in order to achieve its business objectives
ISO/IEC 27000 family of standards
Suite of standards covering overview and vocabulary (27000), ISMS requirements (27001, the only certifiable standard in the family), information security controls guidance (27002), information security risk management (27005), ISMS auditing guidelines (27007) and guidelines for assessing controls (27008), privacy information management as an extension of 27001/27002 (27701), etc.
PDCA Cycle
Iterative four-step method (Plan, Do, Check, Act) for continual improvement of a management system; Plan maps to establishing the ISMS, Do to implementing and operating it, Check to monitoring and reviewing it, Act to maintaining and improving it
Structure of ISO/IEC 27001:2022
Clauses 4–10 state the mandatory requirements: Context of the organisation (4), Leadership (5), Planning (6), Support (7), Operation (8), Performance evaluation (9) and Improvement (10); Annex A lists the 93 reference controls from which the Statement of Applicability is derived
Context of the organisation
Clause 4: understand the internal and external issues relevant to the ISMS; identify interested parties and their requirements; determine the scope and boundaries of the ISMS; establish, implement, maintain and continually improve the ISMS
Leadership & commitment
Clause 5: top management demonstrates leadership and commitment by aligning the ISMS with the organisation’s strategic direction, establishing the information security policy, assigning roles, responsibilities and authorities, and providing the resources the ISMS needs
Planning
Clause 6: determine actions to address risks and opportunities, including defining the information security risk assessment and risk treatment processes; set measurable information security objectives and plan how to achieve them; plan changes to the ISMS so they are carried out in a controlled way
Resources
Clause 7.1: the persons, time, financial resources, information, infrastructure, tools and materials needed to establish, implement, maintain and continually improve the ISMS
Competence
Clause 7.2: ability to apply knowledge and skills to achieve intended results; determine the competence needed for roles affecting information security performance, ensure it through education, training or experience, and retain documented evidence of it
Awareness
Clause 7.3: ensure personnel know the information security policy, their contribution to the effectiveness of the ISMS and the implications of not conforming; awareness matures through the stages of unconscious incompetence, conscious incompetence and conscious competence to unconscious (automatic) competence
Communication
Clause 7.4: determine what to communicate, when, with whom and how (e.g., policies to staff, incidents to affected parties and regulators, ISMS performance to management)
Documented information
Clause 7.5: a four-level document hierarchy (level 1 strategic documents such as policies, level 2 procedures, level 3 forms, level 4 records); covers all documented information required by Clauses 4–10 plus whatever the organisation determines is necessary for the ISMS to be effective, with controls on creation, updating, approval, access and retention
Operation
Clause 8: plan, implement and control the processes needed to meet ISMS requirements, including performing information security risk assessments at planned intervals or when significant change occurs and implementing the risk treatment plan; control planned changes and externally provided processes; retain documented information as evidence of the results
Performance evaluation
Clause 9: monitor, measure, analyse and evaluate information security performance and ISMS effectiveness; conduct internal audits at planned intervals; hold management reviews that consider audit results, risk changes, objectives and improvement opportunities
Improvement
Clause 10: continually improve the suitability, adequacy and effectiveness of the ISMS; react to nonconformities, evaluate whether corrective action is needed to eliminate their causes, implement it and review its effectiveness
Nonconformity
Non-fulfilment of a requirement; classed as minor when it does not affect the capability of the management system to achieve its intended results, and major when it does (for example a systemic failure or the absence of a required process), which blocks certification until corrected
Annex A controls
93 information security controls (aligned with ISO/IEC 27002:2022) grouped into four themes: organisational (37), people (8), physical (14) and technological (34); each is included or excluded, with justification, in the Statement of Applicability
Classification of controls by type
The four themes (organisational, people, physical, technological) are the primary grouping; ISO/IEC 27002:2022 additionally tags every control with attributes: control type (preventive, detective, corrective), information security properties (confidentiality, integrity, availability), cybersecurity concepts (identify, protect, detect, respond, recover), operational capabilities and security domains
Classification of controls by function
Preventive controls are intended to stop an information security incident from occurring; detective controls act when an incident occurs so it is identified; corrective controls act after an incident occurs to limit damage and restore normal operation
Certification
Typical path: implementation plan; selection of an accredited certification body; Stage 1 audit (review of documentation and readiness, including scope, risk assessment and Statement of Applicability); Stage 2 audit (on-site assessment of implementation and effectiveness against Clauses 4–10 and the applicable Annex A controls); certificate valid for a 3-year cycle with annual surveillance audits and a recertification audit before expiry