818 Words Feb 28th, 2016 4 Pages
VLT2 Task 2 Tip Sheet
An Information Security Management System (ISMS) represents a systematic approach for designing, implementing, maintaining, and auditing an organization’s information system security objectives. As with any process, if an ISMS is not continually monitored, its effectiveness will tend to deteriorate.
For this task you will be using the attached “Healthy Body Wellness Center Risk Assessment” case study. In this task, you will be writing a 1–2 page white paper outlining the scope of an ISMS plan for the Healthy Body Wellness Center and an evaluation of the previously conducted risk assessment.
The first step in initiating an ISMS is to form a committee of upper level management that would
Course Mentor Tips
Task 2 – Information Security Management System (ISMS)
Part A – Based on the given scenario, you are to define the scope of the organization’s ISMS by answering the following questions:
o Business objectives
o Guiding security principles
o Processes that should be included in scope
o Information systems that should be included in the scope
o IT infrastructure, including a description of the information flow

A1. Business Objectives. What are the objectives of the OGG, which will be covered by the ISMS? What exactly does the HBWC OGG do?
A2. Guiding Security Principles. For the guiding security principles section, the evaluators are looking for general security principles that the organization will use and consider in writing the ISMS plan. An example would be the security principles of confidentiality, integrity, and availability (CIA triad). Think about general management principles. How do these principles apply to the scenario?
A3. Processes. What are the processes that will be controlled by the ISMS? PDCA. What are some processes that would help to support the confidentiality, integrity and availability of information and information systems?
A4. Information Systems. Describe the information systems that should be included in the scope (see p.7 of the risk assessment, scope section). Justify why these systems are included in the scope.
