An Information Security Management System (ISMS) represents a systematic approach for designing, implementing, maintaining, and auditing an organization’s information system security objectives. As with any process, if an ISMS is not continually monitored, its effectiveness will tend to deteriorate.
For this task you will be using the attached “Healthy Body Wellness Center Risk Assessment” case study. In this task, you will be writing a 1–2 page white paper outlining the scope of an ISMS plan for the Healthy Body Wellness Center and an evaluation of the previously conducted risk assessment.
The first step in initiating an ISMS is to form a committee of upper level management that would set …
Task 2 – Information Security Management System (ISMS)
Part A – Based on the given scenario, you are to define the scope of the organization’s ISMS by answering the following questions:
o Business objectives
o Guiding security principles
o Processes that should be included in scope
o Information systems that should be included in the scope
o IT infrastructure, including a description of the information flow
A1. Business Objectives. What are the objectives of the OGG, which will be covered by the ISMS? What exactly does the HBWC OGG do?
A2. Guiding Security Principles. For the guiding security principles section, the evaluators are looking for general security principles that the organization will use and consider in writing the ISMS plan. An example would be the security principles of confidentiality, integrity, and availability (CIA triad). Think about general management principles. How do these principles apply to the scenario?
A3. Processes. What are the processes that will be controlled by the ISMS? (PDCA) What are some processes that would help to support the confidentiality, integrity and availability of information and information systems?
A4. Information Systems. Describe the information systems that should be included in the scope (see p.7 of the risk assessment, scope section). Justify why these systems are included in the scope.
Essay on Implementation Plan | 1384 Words | 6 Pages
Implementation Plan
The Healthy Body Wellness Center has two basic core business objectives:
1. To make improvements of medical grants utilizing research that is federally funded.
2. Distribute a variety of medical grants to mostly small hospitals.
The HBWC will be implementing an ISMS plan to facilitate these business objectives in a more secure manner. Incorporating an ISMS plan will allow executive level employees the ability to determine problem areas in the organization’s infrastructure that could…
Health Body | 1149 Words | 5 Pages
Information security management system/vlt2-task2
Healthy Body Wellness Centre (HBWC) is a health facility that sponsors and encourages medical evaluation, research and dissemination of information among health care experts. At HBWC, the department of Office Grants Giveaway is mandated to distribute medical grants that are supported by the federal government. The Office of Grants and Giveaways achieves…