ISO 27001/ISO 27002 Consulting

One of an organization's most important assets is its information; a loss of confidentiality, integrity or availability can endanger the organization's continuity. This calls for adequate protection systems as well as correct security management. The ISO/IEC 27001 standard was created to establish the bases of an ISMS (Information Security Management System), using as its frame of reference the 11 areas of action defined in the Code of Good Practice for Information Security Management, identified in the ISO/IEC 27002 standard.

Gap Analysis

Internet Security Auditors proposes an ISO/IEC 27002 Differential Analysis (gap analysis) as the first step on the correct path to an ISMS according to the ISO/IEC 27001 international standard. This analysis of the current state of information systems security covers Management aspects (policy, regulations and documented procedures), Legal aspects (laws and contracts) and Technical aspects (architecture, tools and applied technologies).

In summary, the objectives of the Differential Analysis are:

  • Knowing Applicability and Differential: to know the applicability of, and the gap with respect to, the ISO/IEC 27002 standard.
  • Appraisal of Current Security Measures: to obtain an independent appraisal of the current state of the organization's security measures.
  • Security Improvement Plan: to determine a Security Improvement Plan adapted and specific to the organization.
  • Raise Awareness: to make the different business areas aware of the importance of information security from a management point of view.
  • ISMS Establishment Orientation: it is the first step towards establishing an ISMS according to the international ISO/IEC 27001 standard.

ISMS ISO/IEC 27001 Implementation

To successfully establish an ISMS, the full involvement and support of management in the project is necessary, together with a correct ISMS design. This design should identify and document the ISMS scope and objectives, produce the organization's security policy, inventory the assets included in the scope, and carry out a risk analysis so that, from the threats, vulnerabilities and impacts, an appraisal and subsequent management of risk can be performed. This allows the necessary controls to be selected to minimize the existing risks, and the applicable controls of the ISO/IEC 27002 standard to be chosen.

In summary, the objectives of ISMS Establishment are:

  • Define Targets: define the security targets.
  • Risk Analysis and Management: (MAGERIT, OCTAVE or CRAMM).
  • Director Plan: creation of the Director Plan for the establishment.
  • Implementation: ISMS implementation.