Information Security Management Systems

Information Security Management System (ISMS) Consulting

Information Security Management System (ISMS) Consulting services are critical to the success of a business, as they help design, implement and operate a coherent set of policies, standards, and procedures (PSP) to manage risks to its information assets. ISO 27001 is the most renowned promoter of the ISMS concept. However, the idea of an ISMS can be found in other leading IT control frameworks too, including COBIT (most notably in Risk IT) and FISMA/NIST (most notably in SP 800-39). PPS’s ISMS Practice Area addresses the three key life-cycle phases of an ISMS:

  • Strategize: What framework(s) should we consider? What attestation do we need to provide to which stakeholders? What standards should we align ourselves with? What will the process look like if rolling this out world-wide? What internal/external resources will we need to design it, implement it, certify it, operate it, and validate it?
  • Implement: What Risk Assessment Methodology will we adopt? How do we develop the Risk Treatment Plan? How best to gap-assess the current vs. desired state? How do we leverage Security Metrics to know that we are achieving our KPIs?
  • Operate: How do we evolve the scope of the ISMS to address other key systems or different locations? How do we independently and objectively validate the operation of the ISMS? How do we provide assurance and attestation to stakeholders such as the Board and customers? How do we manage and learn from incidents before risk is realized?