An Information Security Management System (ISMS) is the application of management system (MS) ideas and methods to the field of information security. It is the system by which an organization, within its overall or a specific scope, establishes information security management policies, objectives and strategies, and uses risk management methods to plan, implement, review, inspect and improve its information security management work. It is the direct result of management activities, expressed as a collection of policies, principles, goals, methods, processes, checklists and other elements.
In recent years, with the formulation and revision of ISMS international standards, ISMS has been rapidly accepted and recognized worldwide, and has become an effective method for organizations of various types and sizes around the world to solve information security problems. ISMS certification has subsequently become an effective way for organizations to demonstrate their information security level and capability to society and to their stakeholders.
In today's society, with its developed network technology, the problem of information security is becoming increasingly prominent. Security problems such as system paralysis, hacker intrusion, virus infection, loss of customer data and leakage of internal company data affect the management of enterprises and even endanger their survival.
Once the information security management system (ISMS) is established, the organization should operate according to the requirements of the system to maintain the effectiveness of its operation. The ISMS should also be documented: the organization should establish and maintain a documented information security management system, which should describe the assets to be protected, the organization's approach to risk management, control objectives and control methods, and the degree of assurance required.
Every enterprise or organization requires information security, so information security management system certification has universal applicability and is not limited by region, industry category or company size. Judging from the current situation of certified enterprises, most of them are in industries such as telecommunications, insurance, banking, data processing centers, IC manufacturing and software outsourcing.