According to the ISMS International User Group, an information security management system ‘is the means by which Senior Management monitors and controls their security, minimizing the residual business risk and ensuring that security continues to fulfil corporate, customer and legal requirements’. Simply put, an ISMS is a framework which management employs to ensure a structured approach is taken to identify the business risks posed against key information assets and how best to manage, eliminate or mitigate those risks.

An effective ISMS will be an integrated part of the overall management system within a company. This is to ensure that senior management is involved and is committed to the ISMS. ...