ABSTRACT

Why Is an ISMS Beneficial?
  Defensible
  Differentiator
  Business Enabler
  Structure

Who Participates in an ISMS?
  Board
  Executive Staff
  Management
  Operations

Where Does an ISMS Live?
  Enterprise
  Information Security Domains

How Is an ISMS Built?
  Understand the Environment
  Assess Enterprise Risk
  Charter Information Security Program
  Assess Program Risk