ISO 27001:2005
Your core business processes are supported by information systems. Any disruption to the quality, quantity, distribution or relevance of information puts your business at risk. That's why you need to actively manage the security of your information systems and business-critical information.
The first step is to define the scope of the ISMS policy. It is also critical to identify the dangers you face and decide on a systematic approach to assessing the risks. Once this has been done, a successful ISMS includes standard steps for implementation, operation, review, maintenance and improvement of the system.
ISO/IEC 27001:2005 covers twelve sections:
o Security Policy
o Organization of Information Security
o Asset Management
o Human Resources Security
o Physical and Environmental Security
o Communications and Operations
o Management
o Access Control
o Information Systems Acquisition, Development and Maintenance
o Information Security Incident Management
o Business Continuity Management
o Compliance
Certification motivates your organization and demonstrates the credibility of your ISMS to external stakeholders.