Managing Information Security
Increasing risks, new regulations and compliance requirements put a lot of pressure on organizations to establish and maintain an Information Security Management System.
ISO 27001, the international standard for information security management, introduces a methodology and gives hundreds of recommendations to help users understand the risks in their specific environment, take appropriate measures and keep up with the continually changing assets, threats and vulnerabilities of a typical dynamic enterprise environment.
Although the standard clearly defines the needs and approaches information security management systematically, implementing it is still a serious challenge. Complicated and time-consuming processes take place with the participation of many departments to build asset inventories, estimate the risk environment with objective criteria, match the risks with controls, trace the relation between the risk and the control, plan how to handle risks, measure the efficiency of controls and so on. Besides, building, managing and improving the system is a never-ending, continual process that requires accurate documentation and workflow processes. This is where ISMart helps, guiding and facilitating all steps one by one.
What Can You Do Using ISMart?
- Define assets with the guidance of templates, identifying ownership and asset values
- Categorize assets using predefined asset categories or any custom categories you may need
- Identify risks related to assets, considering all threats and vulnerabilities in terms of confidentiality, integrity and availability. ISMart may guide you with predefined threats/vulnerabilities and controls
- Calculate risk values
- Select controls among predefined ISO 27001 domains and controls, or any custom controls or control categories you define, in accordance with the risks identified
- Define risk treatment actions and monitor their progress
- Trace the relation between an asset, risk, control and risk treatment action back and forth
- Instantly produce essential reports like asset inventory, risk report, SOA report and so on, with smart presentation features at different detail levels
- Save reports with current values so that in the future you can compare current and previous values and produce comparison reports
- Generate policy documents, using either custom statements you define or thousands of best practices predefined in ISMart
- Measure the effectiveness of the ISMS, understand the awareness level and analyze the gap to fulfill certification requirements
- Manage security incidents. ISMart can be used by corporate users to report security incidents, and security officers can use ISMart to manage incidents
ISMart is not only a guide that significantly reduces the time and effort needed to achieve ISO 27001 certification but also a useful tool for managing daily security-related operations by planning actions and monitoring their status.
ISMart allows all employees to participate in information security management processes as their roles require, within the access rights granted to them. Or the entire ISMS process can be managed by a few individuals if preferred. ISMart can be used either as a quick compliance tool or as a detailed compliance and security management platform.
ISMart has a built-in document management system. It allows users to generate policy documents or store documents related to security processes. Documents stored by ISMart can be associated with assets, risks, controls, actions and so on. On the other hand, if the enterprise has an existing document management system, ISMS documentation does not have to be stored in ISMart; only links to the actual document store are stored in ISMart.
Change history for all critical information, such as asset information and attributes, risk levels, selected controls, risk treatment actions etc., is kept in the system, and changes can be traced to monitor all processes.
ISMart provides many predefined items, like default controls for risks, predefined control statements, threats/vulnerabilities, asset categories etc., which may be used for rapid ISMS formation and management.
- Multiuser Java web application
- Scalable from smallest organizations with a few users to large enterprises with thousands of users
- Works on standard software and hardware platforms
- Can be easily integrated with the existing corporate Active Directory structure
- Risk Analysis and Management
- Detailed Reporting, including all reports required for ISO 27001 compliance process
- Risk Treatment Planning and Management
- Integrated Document Management and Policy Document Generation
- Security Incident Management
- Measuring ISMS Effectiveness
- Easy setup and simple configuration through application interface
- Advanced authorization mechanism to meet all complex authorization requirements