Implementation Of The Information Security Management System

Introduction: International Organization for Standardization (ISO) 27002 defines information as an asset that may exist in many forms and has value to an organization. Information Technology (IT) security governance is the system by which an organization directs and controls IT security (adapted from ISO 38500). Successful implementation of the information security management system (ISMS) is governed by analyzing security requirements to protect organizational information assets and apply appropriate security controls to ensure their protection (ISO/IEC 27000:2012, 2012). The main purpose of Information Security Governance (ISG) is to protect against risks and manages risks relating to the confidentiality, integrity and availability of†¦show more content†¦Some recent security breaches include Blue Cross of California, which reported that, in November 2013, it exposed 25,400 doctors’ social security numbers (Privacy Rights Clearinghouse, 2015). In 2013, Target reported a data breach that affected 70 million customers, in which the hackers gained access to credit and debit card information (Privacy Rights Clearinghouse, 2015). The breach of CareFirst BlueCross BlueShield’s 1.1 million records compromised, Premera’s 11 million records compromised, Excellus BlueCross BlueShield’s had 10 million records exploited and Experian’s 15 million records compromised. Security breaches at Sony s PlayStation Network resulted in the disclosure of 77 million subscriber’s personal information, (Sony Faces Lawsuit over PlayStation Network Break, The Wall Street Journal, April 28, 2011). eBay employee log-ins compromised in 2013, allowing access to the contact and log-in information for 233 million eBay customers . Another retailer Michaels had 2.6 million customers payment cards information compromised in 2014. Home Depot reported malware attack that compromises the credit card information for roughly 56 million shoppers in over 2,000 U.S. and Canadian outlets. J.P. Morgan Chase had the contact information for 76 million households and 7 million small businesses compromised. Miyamoto (2013) identified people as the weakest link in information