A Practical Implementation of ISMS

Nowadays, access to reliable information has become an essential factor leading to success in business. In this regard, adequate security of information and systems thatprocess it is critical to the operation of all organizations. Therefore organizations must understand and improve the current status of their information security in order to ensurebusiness continuity and increase rate of return on investments. Since, information securityhas a very important role in supporting the activities of the organization and for this reason; it is needed to have a standard or benchmark which regulates governance overinformation security. Hence, this paper discusses some of Information Security Management System (ISMS) standards in order to determine their strengths and challenges. Then, based on most appropriate standards in the field, a method is proposed toallow information technology-related or based enterprises to implement their ISMS. Thismethod helps identifying critical assets and related threats and vulnerabilities, assessingassets risks and providing necessary risk treatment plans. The proposed method makes it possible and structured to establish information security management system in IT related large-scale enterprises