Use Case: Information Security Management System (ISMS)

Alyne supports your organisation in designing and maintaining an Information Security Management System (ISMS) that aligns with common standards for information security and cyber security management.

Introduction

Designing and maintaining an Information Security Management System (ISMS) aligned with common standards for information security and cyber security management, such as ISO/IEC 27001:2013, the NIST Cyber Security Framework or SOC 2, is common practice for almost all organisations that need to protect their own and their customers' information. At Alyne we regularly support our customers on this journey through our Software as a Service (SaaS) offering, and we have observed some common challenges and analysed some success factors:

Common Challenges

  • Targeting 100%
    An ISMS does not require 100% maturity for every control from the start. It requires an appropriate management process that covers the full scope of the ISMS, which usually means actively managing information and cyber risk and defining appropriate actions or risk acceptances.

  • Obsess over Technical Measures
    Information security management is often reduced too much to individual technical measures, because these are easy to understand. What an ISMS teaches us is that the combination of technical and organisational measures, driven by engaged management, is what actually improves the security posture.

  • Tick the Box
    Reducing an ISMS to ticking boxes will ultimately fail. Trying to delegate this task from management to another part of the organisation will fail just as surely. It's not called a management system for nothing: as management, either take part or don't start at all.

Success Factors

  • Integrate Organically
    Make the ISMS part of the regular agenda of interactions you already have with relevant stakeholders as opposed to scheduling new recurring meetings. That way you minimise disruption and leverage existing contact points to formalise outcomes for the ISMS.

  • Leverage Framework Synergies
    Don't approach the ISMS in isolation. From a process, people and technology standpoint there is a large overlap with related topics such as data privacy, operational risk management, BCM, audit and more. Your time and budget are much better spent if you address the ISMS capability in this broader context.

  • Solve in a Sprint
    Carve out time in your calendar and get a large part of implementing or reviewing the ISMS done in one go over a few days. This minimises the overall time spent on the topic; if these activities drag out over time, you quickly lose momentum.

For further information and to access Alyne’s dedicated ISMS resources aligned to ISO 27001 standards, click here.

Karl Viertel
