What are three characteristics of an information security management system? (Choose three.)

  • It involves the implementation of systems that track the location and configuration of networked devices and software across an enterprise.
  • It consists of a management framework through which an organization identifies, analyzes, and addresses information security risks.
  • It consists of a set of practices that are systematically applied to ensure continuous improvement in information security.
  • It is a systematic and multilayered approach to cybersecurity.
  • It addresses the inventory and control of hardware and software configurations of systems.
  • It is based on the application of servers and security devices.
    Answers Explanation & Hints:

    An Information Security Management System (ISMS) consists of a management framework through which an organization identifies, analyzes, and addresses information security risks. ISMSs are not based on servers or security devices. Instead, an ISMS consists of a set of practices that are systematically applied by an organization to ensure continuous improvement in information security. ISMSs provide conceptual models that guide organizations in planning, implementing, governing, and evaluating information security programs.

    ISMSs are a natural extension of the use of popular business models, such as Total Quality Management (TQM) and Control Objectives for Information and Related Technologies (COBIT), into the realm of cybersecurity.

    An ISMS is a systematic, multi-layered approach to cybersecurity. The approach includes people, processes, technologies, and the cultures in which they interact in a process of risk management.