1.1.2 Functionality to support security management using a PDCA cycle
ISMS recommends the PDCA cycle approach to run and improve a security management system. The functionality provided by JP1/IT Desktop Management supports controls determined by the organization in each of the processes of a PDCA cycle for security management.
The following figure shows JP1/IT Desktop Management functions and support for security management through the PDCA cycle.
The administrator operates JP1/IT Desktop Management through the PDCA cycle for security management as follows:
1. Plan: Establish

   Diagnose the security status of the computers in the organization using JP1/IT Desktop Management.
   From the diagnostic results, evaluate the system security status and work out potential issues. From this evaluation, devise the organization's security rules and consider how to implement them.

2. Do: Implement and operate

   Set security policies and apply them to the computers using JP1/IT Desktop Management.
   If any computers with vulnerabilities are discovered, take measures using JP1/IT Desktop Management.

3. Check: Monitor and review

   Using JP1/IT Desktop Management, judge whether any device poses a security risk.
   Diagnose the system security from the results of this judgment process, using JP1/IT Desktop Management.
   From the diagnostic results, determine trends and identify unresolved issues.

4. Action: Maintain and improve

   Implement measures for identified issues.
   Using JP1/IT Desktop Management, output a security diagnostics report and review results.
   Based on the review, plan how to improve the security rules in the next cycle.