First, the main role:
1. The information security management system (ISMS) standard defines how an information security management system is established and maintained. The standard requires an organization to establish an ISMS by determining the scope of the ISMS, formulating information security policies, defining management responsibilities, and selecting control objectives and controls based on a risk assessment.
2. Once the system is established, the organization shall operate it according to the requirements specified in the system, so that the effectiveness of its operation is maintained.
3. The ISMS should be documented: the organization should establish and maintain a documented ISMS that describes the protected assets, the organization's risk management approach, the control objectives and controls, and the required degree of assurance.
Second, related applications:
The standard is applied mainly through PDCA. What is PDCA?
1. Plan (PLAN) - Determine control objectives and measures according to the results of the risk assessment, the requirements of laws and regulations, and the needs of the organization's business operations;
2. Implement (DO) - Implement the selected security control measures;
3. Check (CHECK) - Inspect the implementation of the security measures for compliance against the policies, procedures, standards, laws and regulations;
4. Act (ACT) - Take corrective and preventive measures according to the results of ISMS audits, management reviews and other relevant information, so as to achieve continuous improvement of the information security management system.