Facts about ISO/IEC 27001:2005

ISO 27001:2005 is the international standard for a company to manage it's information security. It sets out how a company should address the requirements of confidentiality, integrity and availability of its information assets and incorporate this into an Information management security system (ISMS). There are currently two main drivers of growth, the public sector and the financial sector.
ISO/IEC 27001:2005 specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System within the of the organization's overall business risksCertification to ISO/IEC 27001 is a powerful demonstration of an organization�s commitment in managing information security.Increasingly organizations will want to know how safe suppliers IT systems are. Indeed, more companies now see certification to ISO/IEC 27001 as a prerequisite for doing business. Attaining the standard makes a public statement of capability without revealing security processes or opening systems to second party audits. The standard ensures controls are in place to reduce the risk of security threats and to avoid system weaknesses being exploited. It will also help an organization to develop a business continuity plan that will minimize impact of any security breaches unprotected systems are vulnerable to computer-assisted fraud, sabotage and viruses. Breaches in information security can allow vital information to be accessed, stolen, corrupted or lost. An organization needs to be confident that it has the appropriate controls and procedures in place to avoid such incidents ISO/IEC 27001:2005 covers all types of organizations such as small businesses, commercial enterprises, government agencies and not-for profit organizations.