ISO/IEC 27001:2005 is an international standard for Information Security Management Systems. Closely allied to ISO/IEC 17799:2005, this standard (sometimes called the ISMS standard) can help organizations meet all their information-related regulatory compliance objectives and can help them prepare and position themselves for new and emerging regulations.
Information is the lifeblood of today's organization and, therefore, ensuring that information is simultaneously protected and available to those who need it is essential to modern business operations. Information systems are not usually designed from the outset to be secure. Technical security measures and checklists are limited in their ability to protect a complete information system. Management systems and procedural controls are essential components of any really secure information system and, to be effective, need careful planning and attention to detail.
Saturday, February 28, 2009
Facts about ISO/IEC 27001:2005
ISO 27001:2005 is the international standard for a company to manage its information security. It sets out how a company should address the requirements of confidentiality, integrity and availability of its information assets and incorporate this into an Information Security Management System (ISMS). There are currently two main drivers of growth, the public sector and the financial sector.
ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the context of the organization's overall business risks. Certification to ISO/IEC 27001 is a powerful demonstration of an organization's commitment to managing information security.

Increasingly, organizations will want to know how safe their suppliers' IT systems are. Indeed, more companies now see certification to ISO/IEC 27001 as a prerequisite for doing business. Attaining the standard makes a public statement of capability without revealing security processes or opening systems to second-party audits.

The standard ensures controls are in place to reduce the risk of security threats and to avoid system weaknesses being exploited. It will also help an organization to develop a business continuity plan that will minimize the impact of any security breaches. Unprotected systems are vulnerable to computer-assisted fraud, sabotage and viruses. Breaches in information security can allow vital information to be accessed, stolen, corrupted or lost. An organization needs to be confident that it has the appropriate controls and procedures in place to avoid such incidents.

ISO/IEC 27001:2005 covers all types of organizations, such as small businesses, commercial enterprises, government agencies and not-for-profit organizations.