ISO CONSULT CHENNAI

ISO_27000

Importance of Information Security:

In today’s business environment, information is the backbone for any organization. Increasingly, organizations and their information systems are exposed to security threats from a wide range of sources including computer assisted fraud, espionage, sabotage, vandalism, fire, flood etc. Computer viruses, hacking and denial of service attacks have become more common and sophisticated.

About ISO 27001:2013 (Information Security Management System)

An Information Security Management System (ISMS) is a systematic approach for managing sensitive company information and information entrusted to companies by third parties so that it remains secure. It encompasses people, processes and IT systems.

It is a framework of policies and procedures that includes all legal, physical and technical controls involved in an organization's information risk management processes.

ISO 27001 was published by the International Organization for Standardization (ISO), in partnership with the International Electrotechnical Commission (IEC).


ISO 27001 is part of a set of standards developed to handle information security: the ISO/IEC 27000 series. Its full name is “ISO/IEC 27001 – Information security, cybersecurity and privacy protection — Information security management systems — Requirements.”

Applicable to:

Suitable for any organization, large or small, in any sector. The standard is especially suitable where the protection of information is critical, such as in the banking, financial, healthcare, R&D and IT sectors. It is also applicable to organizations that manage high volumes of data or information on behalf of other organizations, such as data centers and IT outsourcing companies.

The three principles of ISO 27001:

The basic goal of ISO 27001 and an Information Security Management System is to protect three aspects of information:

  • Confidentiality: Only authorized persons have the right to access information.
  • Integrity: Only authorized persons can change the information.
  • Availability: The information must be accessible to authorized persons whenever it is needed.

ISO 27001 uses a top-down, risk-based approach and is technology-neutral. The specification defines a six-part planning process:

  • Define a security policy.
  • Define the scope of the ISMS.
  • Conduct a risk assessment.
  • Manage identified risks.
  • Select control objectives and controls to be implemented.
  • Prepare a statement of applicability.

The specification includes details for documentation, management responsibility, internal audits, continual improvement, and corrective and preventive action. The standard requires cooperation among all sections of an organization.