a. What is an Information Security Management System (ISMS)?

  • Information security continues to be a big concern territory-wide. Organisations with poor or inadequate information security measures are often prone to attacks and unauthorised intrusion, which undermine the confidence of their clients and the public at large.
  • An Information Security Management System (ISMS) is a systematic approach, forming part of the overall management system, for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation's information security.
  • ISO/IEC 27001 is an international standard jointly published by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) to specify the normative requirements for the development and operation of an ISMS.
  • The purpose of implementing an ISMS is to help an organisation achieve its business objectives, such as raising productivity, enhancing reputation, or attracting more investors and clients, by using risk assessment to treat and manage information security risks against its risk acceptance levels.