Information Security Management System (ISMS)
The main body of ISO/IEC 27001 formally specifies a number of mandatory requirements that must be fulfilled in order for an Information Security Management System (ISMS) to be certified compliant with the standard. The ISO standard requires management control to determine the organization's information security risks, assess them, decide how those risks are to be treated, treat them and monitor them, using the policies and procedures defined in the ISMS.
Nemo's evaluation process covers the following 13 main business areas:
IT Organization and Policies
Access to Programs and Data
OS and Network Security
IT Business Operations
Confidentiality - Integrity - Availability
Security governance, management concepts and principles are inherent elements of a security policy and of a solution deployment. They define goals and objectives that guide both the policy maker and the designer/implementer. The primary goals and objectives of security are contained within the CIA triad: Confidentiality, Integrity, and Availability. Security controls are typically evaluated by how well they address these three core information security tenets, and a complete security solution should adequately address all three. Vulnerabilities and risks are likewise evaluated based on the threat they pose to one or more of the CIA principles.