Information Security Management System (ISMS)
An Information Security Management System (ISMS) is a set of policies concerned with information security management or IT-related risks. It is a system designed to establish, implement, operate, monitor, review, maintain, and improve information security.
ISMS can be implemented as a specific information system that deals with a particular business area, or it can be implemented as an all-encompassing system involving the whole organization.
Implementing International Standards on Information Security:
Government has embarked on the deployment of the International Standard on Information Security within the Civil Service.
This standard provides a structured approach for attaining an optimum level of Information Security within an organisation through the implementation of an Information Security Management System (ISMS).
The ISMS allows an organisation to identify potential threats and their consequential impacts, evaluate the degree of risk in several areas and apply adequate measures for eliminating or minimising those risks.
o Improved enterprise security
o More effective security planning and management
o Better risk management
o Enhanced user confidence
o More secure partnership for eGovernment
The IT Security Unit facilitates the implementation of ISMS in Ministries and Departments by providing training to officers in information risk management, providing advice to their Information Security Forums, and reviewing and auditing the ISMSs.
About 10 sites in Government are presently implementing their ISMSs.
Two sites have been certified at the national level for MS ISO/IEC 27001:
1. Cane Planters and Millers Arbitration and Control Board.
2. Passport and Immigration Office (PIO).