Information Security Management Systems

Global Security Network provides Information Security Implementation Consulting and Training services based on ISO/IEC 27001:2005 as well as the Abu Dhabi Systems & Information Centre (ADSIC) "Information Security Program" applicable to Abu Dhabi Government Departments.


Why do we need an Information Security Management System?

Information is the lifeblood of an organization and is therefore essential for its survival. Vital business information is exposed to a variety of threats like computer hackers, online fraudsters, internal nefarious users, espionage, sabotage, fire, and flood that can affect its confidentiality, integrity or availability. Such information therefore needs to be suitably protected from these types of threats via adequate information security controls.
Information security controls implemented without a proper framework or management system could lead to gaps in security that can be exploited by internal or external threats. A management system for security based on international standards and driven by top management is required to achieve comprehensive information security.

Global Security Network can help an organization to establish an Information Security Management System (ISMS) by carrying out the following activities:

Define High-Level ISMS Policy

• Objectives for establishing information security in the organization
• Aligned with enterprise risk management
• Adapted to business, legal/regulatory and contractual security obligations

Conduct Information Security Risk Assessment

• Identification, valuation and classification of Information Assets
• Identification of threats and vulnerabilities pertaining to Information Assets
• Risk analysis and evaluation
• Risk treatment options

Develop Controls for Risk Reduction

• Selection of control objectives and controls from ISO / ADSIC standards based on the results of the risk management process
• Development of Information Security Policies that are aligned with the high-level ISMS Policy
• Development of certain Information Security Procedures, Processes and Guidelines
• Recommendation of other tools to mitigate risk

Document Statement of Applicability


• Controls selected and reason for their selection
• Controls excluded and reason for their exclusion
• Controls currently implemented

Formulate Risk Treatment Plan

Conduct Security Testing for Effectiveness of Implemented Controls

Assistance for Internal Audit

Preparation for ISO / ADSIC Certification & Accreditation