Objective:
To simulate the end-to-end implementation of an Information Security Management System (ISMS) for a small business, following ISO/IEC 27001:2022 standards.
Project Activities:
- Conducted in-depth study of ISO 27001 and its Annex A controls to understand requirements for information security governance.
- Reviewed and gained an understanding of an ISMS implementation plan using an ISO 27001 toolkit.
- Defined project scope, objectives, roles, and responsibilities, aligning the ISMS with business goals, risk appetite, and regulatory needs.
- Performed a comprehensive risk assessment to identify, evaluate, and prioritize information security risks.
- Developed sample security policies and procedures aligned with ISO 27001 controls, using templates as a base.
- Established a risk treatment plan, selecting appropriate controls to mitigate identified risks.
- Created incident response and business continuity plans to ensure organizational resilience.
- Produced a baseline ISMS documentation set, including Statement of Applicability, risk register, and policy document.
Key Skills Practised:
Gained practical experience in establishing and managing an ISMS based on the ISO 27001 standard.