ISMSOwner.com

Welcome to ISMSOwner.com, a resource for improving your Information Security Management System (ISMS).

Having an ISMS for your organization is important to validate that you have the appropriate structures in place to identify and effectively manage risks within your environment. Often, the very thought of creating an ISMS can seem rather daunting. However, it doesn’t need to be that way.

Here you will find free ISMS knowledge articles, quizzes, and tools to help you get your ISMS on the path to success.

Start off by having a read through the ISMS Knowledge Articles.

• What is an ISMS?
• ISMS Policy
• Training and Awareness
• Inventory of Assets
• Risk Assessment
• Statement of Applicability
• Management Review
• Internal Audit
• Measures and Metrics
• Document Management
• ISO 27001:2022 Transition Guide
• Summarised ISO Standard list
• What is the CIA?
• List of ISMS definitions

ISO 27001:2022 Updates

This site has been updated to reflect the latest ISO 27001:2022 standard, which replaced ISO 27001:2013. Key improvements include:

• Reorganized control structure: 93 controls organized into 4 categories (Organizational, People, Physical, Technical) instead of the previous 14 categories with 114 controls
• New controls: Including threat intelligence, cloud security, and secure coding requirements
• Modern threat landscape: Updated guidance for current cybersecurity challenges including ransomware, supply chain attacks, and remote work security

Organizations certified under ISO 27001:2013 must transition to the 2022 version by October 31, 2025.

Contributing to ISMSOwner.com

All the code for the site is managed through GitHub. If you'd like to contribute to the site, simply create a new branch, perform the necessary updates on the new branch, and create a pull request to the main branch.