An overview of the

Information Security Management System (ISMS) is a new concept in the field of Information Security developed from Britain around 1998. It is the application of Management System (MS) ideas and methods in the field of Information Security.

In recent years, along with the preparation and revision of international standards, ISMS has been rapidly accepted and recognized by the whole world, becoming an effective method to solve information security problems in various countries, organizations of various types and scales. As a result, ISMS certification becomes an effective way for an organization to demonstrate its information security level and capability to the society and its stakeholders.

Information security management system is a working system in which organizational units formulate information security management policies and strategies according to the requirements of relevant information security management system standards, and adopt risk management methods to carry out information security management plan, implementation, review and inspection, and improve the execution of information security management. The information security management system is established in accordance with the requirements of ISO/IEC 27001, which is developed from BS7799-2.

Information security management system ISMS is a standard for establishing and maintaining an information security management system. The standard requires an organization to establish an information security management system through activities such as determining the scope of the information security management system, formulating information security policies, clarifying management responsibilities, and selecting control objectives and methods based on risk assessment. Once the system is established, the organization shall operate according to the requirements stipulated in the system to maintain the effectiveness of the system operation; Information security management system should form a certain document, that is, the organization should establish and maintain a documented information security management system, which should elaborate the protected assets, organization risk management methods, control objectives and control methods and the need to ensure the degree。

Significance of standard Implementation

As a representative of the international information security management system standard, ISO 27001 has been all over the world government agencies, Banks, securities, insurance, telecom operators, network companies and many multinational companies has been widely applied, the standard has redefined the requirement for information security management system (ISMS), designed to help enterprises to ensure there is enough and the safety of the targeted control option. Through the establishment, operation and improvement of the information security management system, the relevant information management work of enterprises can be further standardized to ensure the security of enterprise cloud computing services.

The implementation of ISO27001 information security management system will bring many benefits to the enterprise, including proving that the internal control of the enterprise is independently guaranteed and meeting the requirements of corporate information management and business continuity; Independent proof of compliance with applicable laws and regulations; Provide competitive advantage by meeting contractual requirements and demonstrate to customers that their cloud security is protected; Being able to independently demonstrate that your cloud service-related risks have been properly identified, assessed, and managed while formalizing information security processes, procedures, and documentation; Demonstrate senior management's commitment to information security; Regular evaluation processes help to continuously monitor the performance of the business and ultimately improve it.