ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1. ISO is equally important to software development companies in India and around the globe.
ISO/IEC 27001 was prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.
ISO/IEC 27001 formally specifies an Information Security Management System (ISMS), a suite of activities concerning the management of information security risks. The ISMS is an overarching management framework through which the organization identifies, analyses and addresses its information security risks. The ISMS ensures that the security arrangements are fine-tuned to keep pace with changes to the security threats, vulnerabilities and business impacts - an important aspect in such a dynamic field, and a key advantage of ISO27k’s flexible risk-driven approach as compared to, say, PCI-DSS.
The standard covers all types of organizations, including software development companies (e.g. commercial enterprises, government agencies, non-profits), all sizes (from micro-businesses to huge multinationals), and all industries or markets (e.g. retail, banking, defence, healthcare, education and government). This is clearly a very wide brief.
This experience allows us to see first-hand how managing information security with an ISO/IEC 27001 management system helps you protect valuable information and deliver real benefits:
Information Security Issue #1: With increasing fines for personal data breaches, organizations need to ensure compliance with legislative requirements, such as the Data Protection Act
How ISO/IEC 27001 helps
- It provides a framework for the management of information security risks, which ensures you take into account your legal and regulatory requirements
Benefit:
- Supports compliance with relevant laws and regulations
- Reduces likelihood of facing prosecution and fines
- Can help you gain status as a preferred supplier
Information Security Issue #2: Potential information breach, damaging your reputation
How ISO/IEC 27001 helps
- It requires you to identify risks to your information and put in place security measures to manage or reduce them
- It ensures you implement procedures to enable prompt detection of security breaches
- It is based around continual improvement, and requires you to regularly review the effectiveness of your information security management system (ISMS) and take action to address new and emerging security risks
Benefit:
- Protects your reputation
- Provides reassurance to clients that their information is secure
- Cost savings through reduction in incidents
Information Security Issue #3: Availability of vital information at all times
How ISO/IEC 27001 helps
- It ensures that authorized users have access to information when they need it
- It demonstrates that information security is a priority, whilst reassuring stakeholders that a best practice system is in place
- It makes sure you continually improve your information security provisions
Benefit:
- Demonstrates credibility and trust
- Improves your ability to recover your operations and continue business as usual
Information Security Issue #4: Lack of confidence in your organization's ability to manage information security risks
How ISO/IEC 27001 helps
- Gives you a framework for identifying risks to information security and implementing appropriate management and technical controls
- Is risk-based, delivering an appropriate and affordable level of information security
Benefit:
- Confidence in your information security arrangements
- Improved internal organization
- Better visibility of risks amongst interested stakeholders
Information Security Issue #5: Difficulty in responding to rising customer expectations in relation to the security of their information
How ISO/IEC 27001 helps
- It provides a way of ensuring that a common set of policies, procedures and controls are in place to manage risks to information security
- It gives organizations a straightforward way of responding to tender requirements around information governance
Benefit:
- Meet customer and tender requirements
- Reduce third party scrutiny of your information security requirements
- Get a competitive advantage
Information Security Issue #6: No awareness of information security within your organization
How ISO/IEC 27001 helps
- It ensures senior management recognize information security as a priority and that there is a clear tone from the top
- It requires you to implement a training and awareness programme throughout your organization
- It requires management to define ISMS roles and responsibilities and ensure individuals are competent to perform their roles
Benefit:
- Improved information security awareness
- Shows commitment to information security at all levels throughout your organization
- Reduces staff-related security breaches