Why do we need ISMS?
Organizations and their information systems and networks are exposed with security THREATS such as fraud, espionage, fire, flood and sabotage from a wide range of sources. The increasing number of security breaches has led to increasing information security concerns among organizations worldwide.
ACHIEVING INFORMATION SECURITY is a huge challenge for organization as it CANNOT BE ACHIEVED THROUGH TECHNOLOGICAL MEANS ALONE, and should never be implemented in a way that is either out of line with the organization’s approach to risk or which undermines or creates difficulties for its business operations.
Thus there is a need to look at information security from a HOLISTIC PERSPECTIVE, and to have an information security management methodology to protect information systematically. This is where the need for ISMS comes in.