[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Osaka/Yokohama/Tokushima] Looking for infrastructure/server side engineers!

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Deployed by over 500 companies] AWS construction, operation, maintenance, and monitoring services

[Successor to CentOS] AlmaLinux OS server construction/migration service

[Successor to CentOS] AlmaLinux OS server construction/migration service

[For WordPress only] Cloud server “Web Speed”

[For WordPress only] Cloud server “Web Speed”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Cheap] Website security automatic diagnosis “Quick Scanner”

[Reservation system development] EDISONE customization development service

[Reservation system development] EDISONE customization development service

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Registration of 100 URLs is 0 yen] Website monitoring service “Appmill”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[Compatible with over 200 countries] Global eSIM “Beyond SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[If you are traveling, business trip, or stationed in China] Chinese SIM service “Choco SIM”

[Global exclusive service] Beyond's MSP in North America and China

[Global exclusive service] Beyond's MSP in North America and China

[YouTube] Beyond official channel “Biyomaru Channel”

[YouTube] Beyond official channel “Biyomaru Channel”

What is ISMS that you seem to know but don't know much about?

Hello.
I'm Kashiwagi, in charge of ISMS.

What's that about being suddenly told that you're in charge of ISMS? I think it's like that. .

First of all, we often hear about it on the street, but what is ISMS? ?
I thought that there were many people who thought so, so
I decided to write this article to let you know as much as possible about ISMS.

What is ISMS?

Let's start with how to read.

Both ISMS and ISMS

I get the impression that most of the judges are called ISMS.

And what does it stand for?
Information
Security Management System

When it comes to the official name, you can kind of get an idea of ​​what it is.


It's a system for managing information security

It's really easy to understand.

In other words, "companies that have acquired ISMS" are:

We have properly created mechanisms and rules to manage information security!
We operate according to well-established systems and rules!

This means that the company is recognized by the screening company.

So, once you get it, will it be valid for a lifetime?
If you ask me, that's not the case.

Through periodic inspections by the inspection company,
we will confirm whether the created system is being maintained without problems and whether it has been properly reviewed.

If there is a problem, it will be withdrawn, but basically this
is a measure to make the ISMS even better once it has been created.

By reviewing and improving the system from time to time, we
will evolve into a company that can be used with greater peace of mind.

Well, I think I've given you a general overview of ISMS. .

Specifically,
the basic and main activities of ISMS are the fight against "risks," "threats," and "vulnerabilities."

ISMS is a battle against “risk,” “threat,” and “vulnerability.”

The battle against "risks", "threats" and "vulnerabilities" is unavoidable when implementing ISMS.
We cannot talk about ISMS without this.

When asked about ``What is ISMS?'' I said, ``We create a system and rules!''

So, why do we create systems and rules?
There are many reasons, but the three main ones are:
This is because there are "risks," their "threats," and "vulnerabilities."

I came across some difficult words.

"Risk" "Threat" "Vulnerability"

I will explain each one.

What is “risk”?

"Risk" here
refers to the possibility of causing damage or impact.
It's just a possibility.


I'll use shoes as an example since I might trip over them

This possibility is called "risk."

What is a “threat”?

A threat is a ``factor'' that can cause a ``risk.''

Using the example of shoes, the part that says "The shoes I'm wearing are a little worn out."

This element becomes a "threat".

What is “vulnerability”?

Vulnerability refers to a ``weakness'' that can pose a ``threat.''

Using the example of shoes, the part that says "I like to wear them."

A "weakness" that allows a part that can pose a "threat", whether malicious or not, is a "vulnerability".

We will create systems and rules to deal with these issues.

Although this may not be unique to ISMS,
activities are carried out with the aim of identifying these "risks" and preventing or minimizing damage.

Taking shoes as an example, I think there are various countermeasures.

  1. Repair worn-out shoes (Improvements to threats)
  2. Check your shoes regularly to see if they are worn out and repair them if they are worn out (prevention against threats)
  3. Tired shoes give the perception that they are dangerous (coping with vulnerability)

There are various ways to do it.


it means creating mechanisms and rules to deal with ``factors'' and ``weaknesses'' that may cause damage or impact

Responding to these "risks"
is simply called "risk management."

summary

As I have explained at length, it is not just that ``I have peace of mind because I have acquired ISMS'', but because I

use the system called ISMS to carry out the activities I have explained at length on a daily basis. We will continue to work hard to make you feel like we are a company you can trust.

If you found this article helpful , please give it a like!
0
Loading...
0 votes, average: 0.00 / 10
3,063
X facebook Hatena Bookmark pocket
[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[2025.6.30 Amazon Linux 2 support ended] Amazon Linux server migration solution

[Osaka/Yokohama] Actively recruiting infrastructure engineers and server side engineers!

[Osaka/Yokohama] Actively recruiting infrastructure engineers and server side engineers!

The person who wrote this article

About the author

Hirofumi Kashiwagi

Like an engineer.

Date of joining: 2010/11/10
Career to date: 2 development companies
Current work: Engineer-like
Qualifications: AWS SAA, GCP PCA

I don't like Kashiwamochi that much.