What is ISMS, the thing you seem to know but don't really know much about?
Hello.
I'm Kashiwagi, in charge of ISMS.
Being suddenly told that you're in charge of ISMS and wondering, "What's that?" I think it often goes like that.
First of all, we often hear about it on the street, but what is ISMS?
I thought there were many people who wonder the same thing, so I decided to write this article to let you know as much as possible about ISMS.
What is ISMS?
Let's start with how to read it.
Both ISMS and ISMS
I get the impression that most of the judges call it ISMS.
And what does it stand for?
Information Security Management System
Once you see the official name, you can kind of get an idea of what it is.
It's a system for managing information security.
It's really easy to understand.
In other words, "companies that have acquired ISMS" are companies for which the screening company has recognized the following:
- We have properly created mechanisms and rules to manage information security!
- We operate according to well-established systems and rules!
So, once you get it, is it valid for a lifetime?
No, that's not the case.
Through periodic inspections, the inspection company confirms whether the created system is being maintained without problems and whether it has been properly reviewed.
If there is a problem, it will be withdrawn, but basically this is a measure to make the ISMS even better once it has been created.
By reviewing and improving the system from time to time, the company evolves into one that can be used with greater peace of mind.
Well, I think I've given you a general overview of ISMS.
Specifically, the basic and main activities of ISMS are the fight against "risks," "threats," and "vulnerabilities."
ISMS is a battle against “risk,” “threat,” and “vulnerability.”
The battle against "risks", "threats" and "vulnerabilities" is unavoidable when implementing ISMS.
We cannot talk about ISMS without this.
When asked "What is ISMS?", I said, "We create a system and rules!"
So, why do we create systems and rules?
There are many reasons, but the three main ones are that there are "risks," their "threats," and "vulnerabilities."
Some difficult words have come up:
"Risk" "Threat" "Vulnerability"
I will explain each one.
What is “risk”?
"Risk" here refers to the possibility of causing damage or impact.
It's just a possibility.
I'll use shoes as an example: "I might trip."
This possibility is called "risk."
What is a “threat”?
A threat is a "factor" that can cause a "risk."
In the shoe example, it is the part that says "The shoes I'm wearing are a little worn out."
This element becomes a "threat."
What is “vulnerability”?
Vulnerability refers to a "weakness" that can pose a "threat."
In the shoe example, it is the part that says "I like to wear them."
A "weakness" that allows something that can pose a "threat," whether malicious or not, is a "vulnerability."
We will create systems and rules to deal with these issues.
Although this may not be unique to ISMS, activities are carried out with the aim of identifying these "risks" and preventing or minimizing damage.
Taking shoes as an example, I think there are various countermeasures.
- Repair worn-out shoes (improvement against threats)
- Check your shoes regularly to see if they are worn out and repair them if they are worn out (prevention against threats)
- Recognize that worn-out shoes are dangerous (coping with vulnerability)
There are various ways to do it.
It means creating mechanisms and rules to deal with "factors" and "weaknesses" that may cause damage or impact.
Responding to these "risks" is simply called "risk management."
Summary
As I have explained at length, it is not just a matter of "we have peace of mind because we have acquired ISMS." Rather, we use the system called ISMS to carry out the activities explained above on a daily basis. We will continue to work hard to make you feel that we are a company you can trust.