SGSI is a management system that implements and maintains information security in an organization.
What is SGSI?
SGSI (Sistema de Gestión de Seguridad de la Información, the Spanish name for an information security management system) is a management system that implements and maintains information security based on the ISO 27001 standard.
Components
Policies
- Security Policy: General security policy
- Specific Policies: Area-specific policies
- Procedures: Security procedures
- Guidelines: Implementation guidelines
Processes
- Identification: Asset identification
- Assessment: Risk assessment
- Treatment: Risk treatment
- Monitoring: Monitoring and review
Controls
- Organizational Controls: Organizational controls
- Technical Controls: Technical controls
- Physical Controls: Physical controls
- Personnel Controls: Personnel controls
Implementation
Phase 1: Planning
- Analysis: Requirements analysis
- Design: SGSI design
- Resources: Required resources
- Timeline: Implementation timeline
Phase 2: Implementation
- Policies: Implement policies
- Processes: Implement processes
- Controls: Implement controls
- Training: Train personnel
Phase 3: Operation
- Monitoring: Continuous monitoring
- Audits: Internal audits
- Review: Management review
- Improvement: Continuous improvement
Phase 4: Certification
- Preparation: Certification preparation
- Audit: Certification audit
- Certification: Obtaining the certification
- Maintenance: Certification maintenance
Benefits
Organizational
- Governance: Better governance
- Risks: Risk management
- Compliance: Regulatory compliance
- Reputation: Better reputation
Operational
- Efficiency: Higher efficiency
- Quality: Better quality
- Continuity: Business continuity
- Innovation: Promotion of innovation
Commercial
- Trust: Greater trust
- Competitiveness: Competitive advantage
- Access: Market access
- Contracts: Winning contracts
Best Practices
Implementation
- Commitment: Management commitment
- Resources: Appropriate resources
- Training: Personnel training
- Communication: Effective communication
Operation
- Monitoring: Continuous monitoring
- Audits: Regular audits
- Review: Management review
- Improvement: Continuous improvement
Certification
- Preparation: Adequate preparation
- Audit: Certification audit
- Maintenance: Certification maintenance
- Renewal: Certification renewal
Related Concepts
- CISO - Role responsible for implementing the SGSI
- ISO 27001 - Standard that defines the SGSI
- ISMS - System that includes the SGSI
- Compliance - Process that includes the SGSI
- GDPR - Regulation that includes the SGSI
- CIS Benchmarking - Standard complementary to the SGSI
- Audits - Process that includes the SGSI
- BIA - Analysis that includes the SGSI
- Gap Analysis - Assessment of the SGSI
- IT Governance - Discipline that includes the SGSI
- COBIT 5 - Framework complementary to the SGSI
- SIEM - System that monitors the SGSI