
Information Security and ISO 27001

ISO/IEC 27001 is the international standard that describes best practice for an Information Security Management System (ISMS), a systematic approach to information security that will protect your information assets in cyberspace.

This page describes how the adoption of an ISMS compliant with ISO27001 will allow you to preserve the confidentiality, integrity, and availability of your organization’s information assets and help you achieve compliance with such regulatory acts as the GLBA, HIPAA, Sarbanes–Oxley and the Federal Information Security Management Act.


What is ISO 27001?

Closely allied to ISO27002 (the Code of Practice for Information Security Controls), ISO27001 is the international standard for Information Security Management Systems (ISMS), a systematic approach to managing confidential or sensitive corporate information so that it remains secure.

The newest version of the standard, ISO/IEC 27001:2013, was published in September 2013. You can obtain a copy of ISO27001:2013 and read a more in-depth explanation of the differences between the 2013 and the 2005 versions of the standard here.

What is an ISMS?

An ISMS (Information Security Management System) is a systematic approach to managing confidential or sensitive corporate information so that it remains secure. An effective ISMS is about much more than just anti-virus software: it encompasses people, processes, and technology to create a complete and well-considered overall approach to information security.

Both strategic and operational, and with different initiatives that are prioritized, integrated and cross-referenced to ensure overall effectiveness, an ISMS helps you coordinate all your security efforts—both electronic and physical—coherently, consistently, and cost-effectively.

Benefits of conformance to ISO 27001

The adoption of an ISO27001-compliant ISMS has three major business benefits:

  • Operational
    It will enable you to integrate international best practice into your existing management approach to information security, thus streamlining and strengthening your business processes to help you ensure the confidentiality, integrity, and availability of your organization’s data assets.
  • Reputational
    It will assure your suppliers, customers, stakeholders, and staff that you are following fully auditable best practice, which will increase morale within your organization and confidence in its competence outside it, giving you a competitive edge and enabling you to win more business.
  • Regulatory compliance
    It will also help your organization meet all of its information-related regulatory compliance objectives (including compliance with regulatory acts such as the GLBA, HIPAA, Sarbanes–Oxley, and the Federal Information Security Management Act) and help it prepare for new and emerging regulations.

ISO 27001 products and services

IT Governance has a wide range of ISO27001 resources to help you implement and maintain an ISMS, including standards, books, tools, online and classroom-based training courses, staff awareness eLearning courses, software, and consultancy.


  • ISO27001:2013 is the latest version of the standard and is the starting point for any ISMS implementation.
  • ISO27002:2013 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.
    (ISO27001:2013 and ISO27002:2013 are available together in one kit.)
  • ISO27005:2011 provides guidelines for information security risk management, supporting the risk-based implementation of information security laid down in ISO27001.

Other available standards from the ISO27000 family include:

  • ISO27003:2010, which provides implementation guidance for an ISMS.
  • ISO27007:2011, which provides guidance on conducting ISMS audits and managing ISMS audit programs.
  • ISO27013:2012, which provides guidance on the joint implementation of ISO27001 and ISO20000 (the international standard for IT service management).
  • ISO27031:2011, which provides guidelines for ICT readiness for business continuity.
  • ISO27032:2012, which provides guidance for cybersecurity.

Please see our Web Store for our full range of available standards.


IT Governance sources and publishes a wide range of ISO 27001 books.

Please see our Web Store for our full range of available books.


  • The ISO 27001 Cybersecurity Documentation Toolkit provides a comprehensive set of customizable document templates that you can use to comply with the requirements of ISO 27001, the New York DFS Cybersecurity Requirements for Financial Services Companies, and Massachusetts 201 CMR 17.00, and to address control sets from NIST SP 800-53 and ISO 27001:2013 Annex A.

    This toolkit comprises policies, procedures, work instructions, and records that will save you months of work as you implement a robust cybersecurity framework.

Please see our Web Store for our full range of available toolkits.


  • IT Governance provides a structured ISO27001 training path, from Foundation to Lead Implementer and Lead Auditor, and offers IBITGQ qualifications on the successful completion of our classroom-based and online courses.

Please see our Web Store for our full range of available training courses.

Staff Awareness


  • vsRisk™ is the only tool in its price range that seamlessly integrates into an ISO27001 management system, allowing users to carry out an automated, robust and extensive information security risk assessment of their organization’s assets compliant with ISO27001.

See how you can perform information security risk assessments quickly and easily, or visit our Web Store to see the full range of vsRisk tools available.


With over 10 years of practical experience, IT Governance can provide consultancy services covering any framework or standard to any organization, anywhere in the world. At IT Governance we understand that information security is always a business issue, not just an IT one. Our consultancy services assist organizations in properly managing their information technology strategies and achieving strategic goals.

Call us toll free on 1 877 317 3454 to talk to us about our consultancy services or email us for more information or to arrange an initial meeting.
