Systematic and structural approach / framework to manage sensitive information (i.e. customer data, financial information, intellectual property, employee details or information entrusted to them by third parties) so it reminds secure.
This is usually ensured by designing, implementing and maintaining a set of policies, processes and systems to manage risks related to all IT assets.
These policies, processes and systems should be applied to business, organisational and technical levels.
To assure ISMS accuracy it should be based on one of the information security standards like ISO27000:2005 or Common Criteria and shaped by the organisation's needs and objectives.
- business continuity
- improve organisation image (credibility and trust)
- legal compliance
- rises awareness for information security risks
- good article explaining why ISMS is important: http://www.itgovernance.co.uk/blog/nine-reasons-to-implement-an-information-security-management-system-isms/
- ISMS based on ISO27k: http://www.itgovernance.co.uk/iso27001.aspx