Inspired by ISO/IEC 17799 (the PDCA model), we provide a six-step procedure for defining and implementing the ISMS (Information Security Management System):
- ISMS scope definition
- Security policy definition
- Risk analysis and risk evaluation
- Risk management
- Selection of targets and controls to implement
- Preparation of the Statement of Applicability