What is ISO 19253:2018 ?

Title: Understanding ISO 19299:2018: A Technical Article

ISO 19299:2018 is a technical specification developed by the International Organization for Standardization (ISO) that provides guidelines for organizations on how to implement and maintain an effective information security management system (ISMS). The purpose of ISO 19299:2018 is to provide organizations with a framework for establishing, implementing, maintaining, and continually improving their ISMS.

ISO 19299:2018 is designed to be used by organizations of all sizes and industries. It is important to note that ISO 19299:2018 is not a replacement for ISO/IEC 27001, but rather a supplement to it.

Key Components of ISO 19299:2018

ISO 19299:2018 provides several key components that organizations should consider when implementing an ISMS. These key components include:

Information Security Management System (ISMS)

ISO 19299:2018 defines an ISMS as a set of processes, policies, and controls that help organizations manage information security risks and protect sensitive information.

Information Security Risk Management

ISO 19299:2018 defines information security risk management (ISRM) as the process of identifying, assessing, and prioritizing information security risks to minimize their impact on the organization.

Information Security Governance

ISO 19299:2018 defines information security governance (ISG) as the overall management and oversight of information security activities within an organization.

Information Security Management Plan (ISMP)

ISO 19299:2018 defines an Information Security Management Plan (ISMP) as a written document that outlines an organization's information security management system (ISMS) and provides guidance on how to implement and maintain it.

Information Security controls

ISO 19299:2018 defines information security controls (ISCs) as the measures taken by an organization to manage information security risks and protect sensitive information.

Conclusion

ISO 19299:2018 is an important technical specification that provides organizations with a framework for establishing, implementing, maintaining, and continually improving their ISMS. By implementing the key components outlined in ISO 19299:2018, organizations can minimize the impact of information security risks on their business and protect sensitive information.