Parameters and Guidelines of Enforceable Information Security Management Systems

Abstract

It is increasingly important for organizations to set up an Information Security Management System (ISMS) to fulfil their business interests and their legal compliance. The main purpose of these systems is to properly protect the information owned or managed by the organization. Often, the developed ISMS complies with the external regulatory environment, but contains unenforceable rules that impede work, so it is unable to fulfil its function. In order to prevent security incidents, it is not enough to ensure legal compliance. The enforceability of these policies is gaining increasing importance in order to avoid hindering work processes. This article identifies quality parameters and guidelines in order to improve quality, enable and improve enforceability of ISMS systems, in order to fulfil their purpose, mainly protection of company information assets. By adhering to these parameters and guidelines organisations can improve their ISMS systems which enforces security of their information assets