IT Security

Information Security Management System (ISMS)

The main body of ISO/IEC 27001 formally specifies a set of mandatory requirements that an Information Security Management System (ISMS) must fulfil in order to be certified as compliant with the standard. The standard requires management to identify the organization's information security risks, assess them, decide how those risks are to be treated, treat them, and monitor them, using the policies and procedures defined in the ISMS.

Nemo's evaluation process covers the following 13 main business areas:

IT Organization and Policies

Vendor Management

Security Awareness

Information Management

Configuration Management

Access to Programs and Data

Change Management

OS and Network Security

Encryption

Remote Access

IT Business Operations

Incident Management

Physical Security

Confidentiality - Integrity - Availability

Security governance and management concepts and principles are inherent elements of a security policy and of any solution deployment. They define the goals and objectives that guide both the policy maker and the designer/implementer. The primary goals and objectives of security are captured by the CIA triad: Confidentiality, Integrity, and Availability. Security controls are typically evaluated on how well they address these three core information security tenets, and a complete security solution should adequately address all three. Vulnerabilities and risks are likewise evaluated based on the threat they pose to one or more of the CIA principles.