An Information Security Management System (ISMS) is a systematic approach, combining policies and procedures, that helps you manage and protect an enterprise's sensitive data through effective risk management.
ISMS focuses on three key aspects, which are:
- Confidentiality
- Integrity
- Availability
ISMS vs Security Enterprise Architecture
An ISMS outlines the controls to put in place and provides direction on how to manage those controls throughout their lifecycle.
Those controls may include risk management, vulnerability management, physical security, auditing, configuration management, etc. An ISMS specifies the parts and pieces that need to be put in place to achieve a holistic security program for the enterprise. It also defines how to maintain those parts and pieces properly.
Security Enterprise Architecture illustrates how those parts should be implemented and integrated into the different layers of the current business environment.