Abstract:
The paper is focused on management approaches oriented towards the design, implementation, maintenance and continuous improvement of an information security management system (ISMS). It identifies the most common information and communication technology threats that may affect the integrity, confidentiality and availability of information, causing deficiencies in the organization's activity. It describes the organizational measures to be taken in order to establish a management system that could reduce or even exclude the negative impact of attacks on the organization's information systems. Based on the best practices provided by the ISO/IEC 27000 family of international security standards, an algorithm for the implementation of an ISMS at the organization level is proposed.