
IT Governance
Books and tools for IT Governance, risk management and compliance

IT Governance News
What is an Information Security Management System?
01/06/2011

In our latest information page about Cyber Security, we outlined the heightened risks faced by organizations across the USA, and how effective cyber security is an issue of national importance.

To help organizations mitigate these risks we have created a demo version of our best-selling ISO 27001 ISMS Toolkit, which can be downloaded straight away by adding your email address to a form accessible from this page.

 

What is an Information Security Management System?

Information Security is not just about anti-virus software, implementing the latest firewall or locking down your laptops or web servers. The overall approach to Information Security should be strategic as well as operational, and different security initiatives should be prioritised, integrated and cross-referenced to ensure overall effectiveness.

An Information Security Management System (ISMS) is about ensuring that your systems comply with the requirements of critical regulations such as SOX, HIPAA, GLBA, State Breach Laws and others.

ISO/IEC 27001:2005 is a specification for the design of an ISMS – the 'how to make it work', not the details of what should be in it.

 

Challenges in creating an ISMS

Traditional approaches to implementing an ISMS are usually sequential. The company-wide 'Plan' phase of the project is completed before the 'Do' phase commences, and neither 'Check' nor 'Act' usually starts until after the 'Do' phase is finished. And within each phase, it’s not uncommon for controls to be tackled sequentially; for example, first the anti-virus policy is developed and approved, then the anti-virus procedures, followed by the detailed anti-virus work instructions. Once the work instructions are developed, software is rolled out/adjusted, staff are trained, and then you hope to move on to the next control.

 

But that’s not all there is to the first procedure: it also has to deal with spyware, worms and Trojans. It has to integrate with the incident response and business continuity processes, the user access agreement, and training aspects of the ISMS.

There are 133 controls, each with a similarly complex set of challenges that have to be met before you can be sure that there will be no holes, no inconsistencies or incoherencies, in your ISMS.

And if you’re doing this through a traditional trial and error approach, you’ve got to work out for yourself how to get it right across the board.

 

The IT Governance FAST TRACK approach

You will want to tackle your project in one of two ways: either area by area (e.g. control by control, or division by division) or across the board. In either case, you need to be sure that there are no cracks in your ISMS.

The IT Governance Complete ISMS Toolkit supports both a sequential mini-PDCA approach and a massively parallel approach. In either case, the template documents deliver consistent, aligned, coherent policies and procedures that effectively meet the complex, cross-referential requirements of the standard.

Deploying the IT Governance Complete ISMS Toolkit ensures that you meet your project objectives with the minimum of hassle and the maximum of coherence.

No 3 Comprehensive ISO 27001 ISMS Toolkit (US)

The Complete ISMS Toolkit is unique in its comprehensiveness, practical detail, updates and online drafting support – and it’s consistent with, and follows the detailed guidance of, International IT Governance. It makes sense not to re-invent existing wheels when you can deploy pre-written policy and procedure templates.

The additional books and tools are unique and fit for purpose – they are designed to give you the knowledge and information you need to cost-effectively implement an ISMS and accelerate organizational learning.

Take the demo today and see for yourself how you can avoid costly trial and error dead-ends!

 


© 2008 -  IT Governance Ltd. All rights reserved.
