What is ISMS?
Hello.
This is Kashiwagi from ISMS.
I thought there might be many people who, having suddenly been told they are in charge of ISMS, are wondering, "What exactly is ISMS?" even though they hear the term a lot, so I decided to write this article to help you understand ISMS a little better.
What is ISMS?
Let's start with the pronunciation.
It can be read either as "I-S-M-S" or as "I-M-S".
I get the impression that many auditors are among those who say "I-S-M-S".
And what does it stand for?
Information Security Management System.
Once you see the full name, you can get a general idea of what it is: a system (mechanism) for managing (controlling) information security.
Very easy to understand.
In other words, "companies that have acquired ISMS" are companies that a screening (certification) body has approved as being able to say:
- We have established proper systems and rules to manage information security!
- We operate in accordance with these well-defined systems and rules!
So does that mean that once you obtain it, it's valid for life?
Not quite: the auditing company carries out regular audits to verify that the system you created is being maintained without problems and that it is being properly reviewed and updated.
If there are problems, certification can be withdrawn, but basically these audits are a measure to improve an ISMS that has already been created.
By continuously reviewing and improving our systems, we evolve into a company that our customers can use with greater peace of mind.
Well, I think I was able to give you a general idea of what ISMS is.
Specifically, the basic and main activities of ISMS involve combating "risks," "threats," and "vulnerabilities."
ISMS is a battle against "risks," "threats," and "vulnerabilities"
When implementing an ISMS, one cannot avoid battling "risks," "threats," and "vulnerabilities." It's impossible to discuss ISMS without addressing them.
In the section "What is ISMS?", I said, "We create the systems and rules!"
So why create systems and rules?
There are many reasons, but the main one comes down to three words: "risks," "threats," and "vulnerabilities."
Some difficult words have come up, so I will explain each of "risk," "threat," and "vulnerability" in turn.
What is "risk"?
In this context, "risk" refers to the possibility of causing damage or impact.
It is only a possibility, after all.
For example, the shoes I currently like to wear are a bit worn out, so there's a possibility I might trip in them. (I'll continue using shoes as an example from here on.)
This possibility is a "risk."
What is a "threat"?
A threat is a factor that can cause a risk to occur.
In the shoe example, the relevant part is "the shoes I'm wearing are a little worn out."
This element is the "threat."
What is "vulnerability"?
Vulnerability refers to a "weakness" that a "threat" can act on.
In the shoe example, the relevant part is "I like to wear them."
A "vulnerability" is a "weakness" that gives a "threat" an opening, regardless of whether that threat is malicious or not.
To deal with these issues, we create systems and rules.
While this is not limited to ISMS alone, activities are carried out with the aim of identifying these "risks" and preventing them before they occur, or minimizing the damage.
Taking the shoe example, I think there are various countermeasures:
- Repairing the worn-out shoes (improving the threat)
- Regularly checking the shoes for signs of wear and repairing them when found (preventing the threat)
- Being aware that worn shoes are dangerous (dealing with the vulnerability)
There are various ways to do this, but in the end it means creating mechanisms and rules to address the "factors" and "weaknesses" that could potentially cause damage or impact.
Dealing with these "risks" is simply called "risk management."
Summary
I've gone on at length, but it's not simply a matter of "we're safe because we have ISMS certification." Rather, we use the ISMS system to carry out the activities I've described on a daily basis, and we intend to continue striving to ensure that people think of Beyond as a trustworthy company.
