Abstract

In the current era of information technology, most companies, industries, and government sectors have already automated their systems using computer networks. These networks primarily store the organization's data for further processing and later use. In the information security context, which is the ultimate insurance of the information, it is the core matter of interest to protect and zealously preserve the information; at the same time, the availability of the information when needed is a greater challenge. So, the network managers need a system to orientate facilities in place to cover data and network resources. This chapter explores the security management system (SMS), which is a comprehensive set of strategies and procedures based on the risk management and risk assessment components; it looks into all critical business processes by analyzing the associated risks. Afterward, it executes the controls to prevent information from internal and external attacks (threats) and ensures that information is well safeguarded, and risk is absolved. These threats include not only the cause of someone with malicious targets, but also the accidental events like someone who downloads a Trojan or involuntarily deletes or moves critical files. The periodic check is the final step to adjust and organize the policies in the place they need to be, according to new technologies and new ways to save data damage externally. The essence of the implemented system (e.g. ISO/IEC 27001) based on the organizational management model Plan-Do-Check-Act (PDCA) framework, which embeds cloudy features to achieve the effectiveness and efficiency throughout the necessary procedures.