What is ISO/IEC 27001?
ISO/IEC 27001:2005 is an international standard for Information Security Management Systems. Closely allied to ISO/IEC 17799:2005, this standard (sometimes called the ISMS standard) can help organizations meet all their information-related regulatory compliance objectives and can help them prepare and position themselves for new and emerging regulations.
Information is the lifeblood of today's organization and, therefore, ensuring that information is simultaneously protected and available to those who need it is essential to modern business operations. Information systems are not usually designed from the outset to be secure. Technical security measures and checklists are limited in their ability to protect a complete information system. Management systems and procedural controls are essential components of any really secure information system and, to be effective, need careful planning and attention to detail.
The question is: "where should we start?"
ISO/IEC 27001 provides the specification for an information security management system and, in the related Code of Practice, ISO/IEC 17799 (ISO27002), it draws on the knowledge of a group of experienced information security practitioners in a wide range of significant organizations across more than 40 countries to set out best practice in information security. An ISO 27001-compliant system will provide a systematic approach to ensuring the availability, confidentiality and integrity of corporate information. The controls of ISO27001 are based on identifying and combating the entire range of potential risks to the organization's information assets. This handy ISO27001 pocket guide gives a useful overview of the standard.
It will also enable organizations to meet their information-related regulatory compliance requirements (such as FISMA, GLBA, PIPEDA, etc.) and, cross-referenced to the requirements of the PCI (Payment Card Industry) standard, is an effective way to achieve compliance with a commercially critical requirement as well. There are other good reasons for pursuing ISO27001.
You can obtain a free copy of our briefing paper on ISO 27001 (titled Infosec 101) by supplying your email address.
ISO 27001 Standards, Books and Toolkits immediately available
Through this site, you can access a comprehensive range of advice, books and tools for ISO 27001 certification, including books by internationally-recognised ISO 27001 experts Alan Calder and Steve Watkins, and a North American release of the unique, best-selling ISO 27001 ISMS Documentation Toolkit.
International IT Governance: an Executive Guide to ISO27001/ISO17799
Management Guides to ISO27001/ISO17799, and to Implementing an ISMS