Information Security Management System

Establish an information security management system (ISMS) for the maintenance and improvement of the cyber-security maturity, and posture of the organization. The Security Management System will be reviewed using the ISO 27001 standard and National Institute of Standards and Technology (NIST) - Cyber security framework will be used to review the Cyber Security Controls.

The services will be reviewed under the below service approach;

• Understand the business criticality of information and systems managed by internal IT department/ Information Systems Division
• Assess current status of security management, processes and controls
• Focus on IT systems and processes. Perform System based business Impact assessment (BIA) and risk assessment (RA)
• Implement information security management system (ISMS)
• Improve continuously by having a security roadmap and a process to address it