Sunday, May 31, 2015

Benefits of ISO/IEC 27001: Information Security Management

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. ISO standards apply equally to software development companies in India and around the world.
ISO/IEC 27001 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.
ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information security risks. The ISMS is an overarching management framework through which the organization identifies, analyses and addresses its information security risks. The ISMS is designed to keep the security arrangements tuned to changes in threats, vulnerabilities and business impacts, an important aspect in such a dynamic field, and a key advantage of the ISO27k family's flexible, risk-driven approach as compared to a fixed control checklist such as PCI DSS.
The standard applies to all types of organization, software development companies included (e.g. commercial enterprises, government agencies, non-profits), to all sizes (from micro-businesses to huge multinationals), and to all industries or markets (e.g. retail, banking, defence, healthcare, education and government). This is clearly a very wide brief.
Managing information security with an ISO/IEC 27001 management system helps you protect valuable information and deliver real benefits:
Information Security Issue #1: With increasing fines for personal data breaches, organizations need to ensure compliance with legislative requirements, such as the UK Data Protection Act.
How ISO/IEC 27001 helps
  • It provides a framework for the management of information security risks, which ensures you take into account your legal and regulatory requirements 

Benefit:
  • Supports compliance with relevant laws and regulations
  • Reduces likelihood of facing prosecution and fines
  • Can help you gain status as a preferred supplier

Information Security Issue #2: Potential information breach, damaging your reputation
How ISO/IEC 27001 helps
  • It requires you to identify risks to your information and put in place security measures to manage or reduce them
  • It ensures you implement procedures to enable prompt detection of security breaches
  • It is based around continual improvement, and requires you to regularly review the effectiveness of your information security management system (ISMS) and take action to address new and emerging security risks

Benefit:
  • Protects your reputation
  • Provides reassurance to clients that their information is secure
  • Cost savings through reduction in incidents

Information Security Issue #3: Availability of vital information at all times
How ISO/IEC 27001 helps
  • It requires you to treat availability as a security objective alongside confidentiality and integrity, so that authorized users have access to information when they need it
  • It demonstrates that information security is a priority, whilst reassuring stakeholders that a best practice system is in place
  • It makes sure you continually improve your information security provisions

Benefit:
  • Demonstrates credibility and trust
  • Improves your ability to recover your operations and continue business as usual

Information Security Issue #4: Lack of confidence in your organization's ability to manage information security risks
How ISO/IEC 27001 helps
  • Gives you a framework for identifying risks to information security and implementing appropriate management and technical controls
  • Is risk based – delivering an appropriate and affordable level of information security

Benefit:
  • Confidence in your information security arrangements
  • Improved internal organization
  • Better visibility of risks amongst interested stakeholders

Information Security Issue #5: Difficulty in responding to rising customer expectations in relation to the security of their information
How ISO/IEC 27001 helps
  • It provides a way of ensuring that a common set of policies, procedures and controls are in place to manage risks to information security
  • It gives organizations a straightforward way of responding to tender requirements around information governance

Benefit:
  • Meets customer and tender requirements
  • Reduces third-party scrutiny of your information security arrangements
  • Gives you a competitive advantage

Information Security Issue #6: No awareness of information security within your organization
How ISO/IEC 27001 helps
  • It ensures senior management recognize information security as a priority and that there is a clear tone from the top
  • It requires you to implement a training and awareness programme throughout your organization
  • It requires management to define ISMS roles and responsibilities and ensure individuals are competent to perform their roles

Benefit:
  • Improved information security awareness
  • Shows commitment to information security at all levels throughout your organization
  • Reduces staff-related security breaches
