ISO / IEC 27001 was produced at the end of 2005 by the ISO (International Standard Organization) and IEC technical committees, working in cooperation, as a revision of the information security standard BS 7799-2. It is the only auditable international standard that defines the requirements for establishing an organization's information security management system. It is designed to provide adequate and proportionate security controls that protect information assets and give confidence to interested parties.
WHAT IS ISO / IEC 27001?
Information, like other important business assets, is an asset that has value to a business and therefore needs to be protected accordingly.
For organizations to continue their activities, information is of great, perhaps the greatest, importance. Information security protects information from threats and dangers in order to ensure business continuity, minimize business losses, and maximize commercial opportunities and the return on investment.
ISO / IEC 27001 includes requirements to set up, perform, monitor, review, maintain, and improve a documented Information Security Management System within the context of all the commercial risks of the organization. It specifies the requirements for implementing security controls customized to the needs of individual organizations or parts of them, and it adopts a process approach. It requires an evaluation of all information assets in the organization and a risk analysis that takes into account the weaknesses of these assets and the threats they are facing. The organization should choose its own risk management method and prepare a plan for handling risk.
ISO / IEC 27001 does not tell you how an infection happens. Nor does it tell you how attackers can infiltrate your computer network.
It defines information security as a whole and "as a living process", and "how information security is to be managed".
The Information Security Management System standard is suitable for all types of organizations, big or small (e.g. commercial enterprises, government agencies, non-profit organizations), no matter which country or which sector in the world they belong to. This standard is especially necessary in areas where the protection of information is of great importance, such as the finance, health, public and IT sectors.
In addition, it is also very important for organizations that manage information on behalf of others, such as IT outsourcing companies. It can be used to give clients assurance that their information is under protection.
An organization that meets the requirements of this standard can obtain an ISO / IEC 27001 certificate. The ISO / IEC 27001 certificate helps you to manage and protect your valuable information assets and to give confidence to interested parties, especially your customers.
ISO / IEC 27001 STANDARD CONTENTS
0.1 General
0.2 Process approach
0.3 Compatibility with other management systems
1 Scope
1.1 General
1.2 Application
2 Referenced standards and / or documents
3 Terms and definitions
3.1 Assets
3.2 Availability
3.3 Confidentiality
3.4 Information security
3.5 Information security incident
3.6 Information security violation event
3.7 Information security management system
3.8 Integrity
3.9 Residual risk
3.10 Risk acceptance
3.11 Risk analysis
3.12 Risk assessment
3.13 Risk rating
3.14 Risk management
3.15 Risk processing
3.16 Applicability Statement
4 Information security management system
4.1 General requirements
4.2 Establishing and managing the ISMS
4.3 Documentation requirements
5 Management responsibility
5.1 Management commitment
5.2 Resource management
6 ISMS internal controls
7 Management review of the ISMS
7.1 General
7.2 Revision entry
7.3 Revision output
8 ISMS improvement
8.1 Continuous improvement
8.2 Corrective actions
8.3 Preventive action
WHY ISO / IEC 27001?
· Ensures the continuity of the business.
· Customers' trust is gained.
· Ensures conformity with legal regulations.
· Helps to maintain information privacy and reliability, and to protect legal obligations and commercial image.
· Protects information systems and networks from threats and dangers from various sources, such as computer-assisted fraud, espionage, sabotage, vandalism, fires and floods.