What is ISMS?
Hello,
I'm Kashiwagi, in charge of ISMS.
I think there are many people who, if they were suddenly told they were in charge of ISMS, would wonder, "What is ISMS?"
So I decided to write this article to help people learn a little more about ISMS.
What is ISMS?
First, let's start with how to pronounce it.
It can be either ISMS or ISSMUS.
I get the impression that many of the auditors say "ISMS."
And what does it stand for?
Information Security Management System
Once you see the official name, you can get a general idea of what it is.
It is a system for managing information security.
Very easy to understand.
In other words, a "company that has acquired ISMS" is one that says:
"We have created proper systems and rules to manage information security, and we operate in accordance with those systems and rules!"
and has had that approved by the screening company.
So, does that mean that once you get it, it is valid for life? No, it does not.
Regular inspections by an inspection company confirm whether the created system is being maintained without any problems and whether it is being properly reviewed.
If there are any problems, the certification will be withdrawn, but basically the inspections are a measure to improve the ISMS once it has been created.
By constantly reviewing our systems and improving them, we will evolve into a company that you can use with even greater peace of mind.
Well, I think I was able to give you a general idea of what ISMS is.
Specifically, what kind of activities are carried out?
The basic and main activity of ISMS is to fight against "risks," "threats," and "vulnerabilities."
ISMS is a battle against "risks," "threats," and "vulnerabilities"
When implementing an ISMS, you cannot avoid battling "risks," "threats," and "vulnerabilities."
You cannot talk about ISMS while ignoring these issues.
In the section "What is ISMS?", I said, "We create the systems and rules!"
So, what is the purpose of creating systems and rules?
There are various reasons, but the main three are as follows:
because there are "risks," "threats," and "vulnerabilities" involved.
Some difficult words have come up:
"risks," "threats," and "vulnerabilities."
I will explain each one.
What is "risk"?
The "risk" mentioned here refers to the possibility of causing damage or impact.
It is just a possibility.
I'll use shoes as an example: the shoes I like to wear now are a little worn out, so there is a chance I might trip in them in the future.
This possibility is a "risk."
What is a "threat"?
A threat is a factor that can cause a risk to occur.
In the case of shoes, the part that corresponds to this is "The shoes I'm wearing are a little worn out."
This element is the "threat."
What is "vulnerability"?
Vulnerability refers to a "weakness" that can pose a "threat."
In the case of shoes, the part that corresponds to this is "I like to wear them."
A "vulnerability" is a "weakness" that allows something that could pose a "threat" to exist, regardless of whether it is malicious or not.
To deal with these issues, we create systems and rules
This may not apply only to ISMS, but activities are carried out with the aim of identifying these "risks" and preventing them before they occur or minimizing the damage.
Taking the example of shoes, I think there are various countermeasures:
- Repair worn-out shoes (threat improvement)
- Regularly check your shoes for signs of wear and tear, and repair them if they are worn (threat prevention)
- Have a sense of danger about worn shoes (dealing with vulnerability)
There are various ways to do this, but in short it means creating systems and rules to deal with the "factors" and "weaknesses" that could potentially cause damage or impact.
Responding to these "risks" is simply called "risk management."
Summary
I have explained at length, but the point is not simply that "we have ISMS certification so you can rest assured."
Rather, we use the ISMS system to carry out the activities I have described on a daily basis, and we intend to continue working hard so that you will think of Beyond as a trustworthy company.