ISMS support tools (episode 3 of 4)
So far, I've waffled on about the variety of ISMS support tool types on the market, and about gross differences between ISMS user organisations in terms of industry, size etc.
Next, think about the kinds of things they might expect their ISMS support tools to do. Digging beneath the superficial "support our ISO/IEC 27001 ISMS", organisations may well expect/require the tools to help them with security controls such as:
The 'help' they need to manage any of those controls may involve assistance with:
- Selecting and designing them;
- Defining the control objectives and rules;
- Documenting them;
- Installing and configuring them consistently;
- Monitoring and measuring them;
- Reviewing/testing them for assurance reasons;
- Integrating them or making them work in conjunction with other controls and systems;
- ... and so on.
I'm not quite finished yet though. 'Organisations' don't use ISMS support tools: people do, so most organisations would value configurable 'views', e.g. a senior management dashboard showing key metrics, with drill-down to additional information for middle/junior managers, plus administrative functions and detailed reports for specialists.
That's just one of several possible operational requirements for the ISMS support tools. More of those to come in the final episode ...