UNIT NO. & TITLE: 20-Information System Management
QUALIFICATION: BTEC Level 5 Computing
YEAR: 2020-2021
PREPARED BY: Kunwar Singh
REPORT
ASSESSOR NAME: Ms. Saba Shaikh
SUBMITTED ON:
INDEX
1. LO1. Explore the basic principles of information security management.
   P1. Examine the key principles of an ISMS and its relevance to the successful operation of an organization i.e., FireEye.
   M1 Evaluate the benefits an effective ISMS can have on an organization i.e., FireEye.
2. LO2 Critically assess how an organization can implement and maintain an Information Security Management System (ISMS)
   P2. Explore the elements of, and processes behind, establishing and maintaining an ISMS for FireEye.
   M2: Examine the process of implementing an ISMS in a real-world scenario.
3. LO3. Appraise an ISMS and describe any weaknesses it may contain.
   P3 Recognize strengths and weaknesses in a given ISMS, based on documentation review and audit output in FireEye.
   M3: Examine the strengths and weaknesses of an ISMS in the context of an organization, prioritizing issues for FireEye.
4. LO4: Examine the strengths and weaknesses of implementing ISMS standards.
   P4: Recognize the purpose of the ISO 27000 series and the key clauses of ISO 27001:2013.
   M4: Evaluate the relationship between ISO 27001:2013 and establishing an effective ISMS within an organization
References
LO1. Explore the basic principles of information security management.
P1. Examine the key principles of an ISMS and its relevance to the successful operation of an organization i.e., FireEye.
As a senior Information Security Manager at FireEye, I must examine the key principles of an ISMS and its relevance to the successful operation of my organization, FireEye.
What is an ISMS?
An ISMS, or information security management system, is a framework of policies and procedures for systematically managing the privacy and security of an organization's sensitive data.
The objective of an ISMS is to minimize the risk of a security breach, both to ensure business continuity and to protect the personal data of customers.
Some aspects of an ISMS involve addressing employee behavior and processes, as well as data and technology. An ISMS may be implemented in a targeted way, for instance only for a particular type of data.
It may also be implemented comprehensively, becoming part of the organization's technology environment. Google, for example, is a company that takes data security very seriously.
There are several immediate benefits to implementing an ISMS in your organization. Below are nine reasons to consider implementing one:
Concepts of an information security management system
While the implementation of an ISMS will vary from organization to organization, there are underlying principles that every ISMS must abide by in order to be effective at protecting an organization's information assets.
These principles, a few of which are noted below, will help guide you on the road to ISO/IEC 27001 certification.
The first step in successfully implementing an ISMS is making key stakeholders aware of the need for information security.
Without buy-in from the people who will implement, oversee, or maintain an ISMS, it will be difficult to achieve and maintain the level of diligence needed to create and maintain a certified ISMS.
For an organization's ISMS to be effective, it must assess the security needs of each information asset and apply appropriate controls to keep those assets safe.
Not all information assets need the same controls, and there is no silver bullet for information security.
Information comes in all shapes and sizes, as do the controls that will keep your information secure.
Implementing an ISMS is not a project with a fixed duration. To keep an organization safe from threats to its information, an ISMS must continually grow and evolve to keep pace with the rapidly changing technical landscape.
Consequently, continual reassessment of an information security management system is a must.
By regularly testing and assessing an ISMS, an organization will know whether its information is still protected or whether changes need to be made.