ISMS Implementation (Phase III)

In this phase, the Security Domain Definition Process can begin. Understanding the business processes, where information is processed and stored, data types and flows, and span of control is essential to accomplishing a succesful implementation. Documenting these specifics is the goal of the Security Domain Definition Process. This will set the stage for implementation of the security processes on a domain level.

An operational level assessment of the selected Security Domain is then performed in a similar fashion to Phase 1. The focus of this assessment is to determine the current state of Information Security Service maturity within the selected Security Domain.

Deliverables:

• Domain Definition Template
• Gap Analysis against requirements developed in Phase II
• Gap Analysis Tool
• Written Gap Analysis Summary
• Domain Risk Treatment and Corrective Action Plans

Next Phase: ISMS Certification Preparation