Saturday, April 16, 2016

ISO 27001

International Standard for Organization (ISO) 27001 is a management framework for the protection of business-critical information. According to ISO 27001, information security is defined as the preservation of Confidentiality, Integrity and Availability of information; in addition, other properties such as authenticity, accountability, non-repudiation and reliability can also be involved. Confidentiality means that only authorized persons can access certain information. Integrity means that only authorized persons can change or add information, and only in a specified way. Availability means that the information has to be available to all the people who need it within the specified time.

An Information Security Management System (ISMS) is a systematic approach to managing confidential or sensitive corporate information so that it remains secure. ISO 27001 is an ISMS standard that replaced BS 7799-2:2002 in late 2005. It formally specifies an ISMS that is intended to bring information security under explicit management control. It is also the best-practice specification that helps businesses and organizations throughout the world. It adopts the Plan-Do-Check-Act (PDCA) model.

Why should an organization care about ISO 27001?

Reason 1: Compliance. ISO 27001 brings in a methodology that enables organizations to comply in the most efficient way. Certification is often the quickest 'Return on Investment' if an organization must comply with various regulations regarding data protection, privacy and IT governance (particularly if it is a financial, health or government organization).

Reason 2: Marketing Edge. In a market that is more and more competitive, it is sometimes very difficult to find something that will differentiate you in the eyes of your customers. ISO 27001 can indeed be a unique selling point, especially if you handle clients' sensitive information.

Reason 3: Lowering the expenses. Information security is usually considered a cost with no obvious financial gain. However, there is a financial gain if you lower the expenses caused by incidents. You probably do have interruptions in service, occasional data leakage, or disappointed employees and disappointed former employees.

Reason 4: Putting your business in order. ISO 27001 is particularly good at sorting out those thorny management system issues: it forces you to define very precisely both responsibilities and duties, and therefore strengthens your internal organization.

Reference: https://www.youtube.com/watch?v=eN5MtSq89Hs
