ISMS works around the principles of PDCA (Plan - Do - Check - Act) cycle and management system
processes like:
The ISMS system adopted at UAE University has managed to improve its security posture by:
Information Security Awareness: Participants should be aware of the need for security of
information systems and networks abd act to enhance security.
Information Security Roles and Responsibilities: All participants are responsible for the security
of information systems and networks.
Incident Response: Participants should act in a timely and co-operativemanner to prevent, detect
and respond to security incidents.
Risk Assessment: Participants should conduct information security risk assessments.
Security Program Design and implementation: Participants should incorporate security as an
essential element of information systems and networks.
Security Management: Participants should adopt a comprehensive approach to security
management.
Continuous Improvement: Participants should review and reassess the security of information
systems and networks, and apply appropriate modifications to security policies, practices,
measures and procedures as needed.
Reducing the risk of data loss though error or malicious circumstances.
Ensuring compliance with regulatory requirements with regards to information security.
Achieving an acceptable security control baseline.
Protecting our organization from external and internal threats.
Scrutinizing existing security controls by both internal and external ISO auditors with the view
of obtaining the ISO27001 certification.
By Asad Mukhtar
21 |
December 2015
UITS Newsletter
