ISO 27001 is an international standard which provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). ISO 27001 is an appropriate management standard for all sectors of industry and commerce and is not limited to electronic information on computers. It is a common misconception that ISO 27001 and information security are meant only to prevent hackers from gaining access to a computer or network.
On the contrary, the ISO 27001 Information Security Management System standard can be applied to any organization that deals with the security of information, whatever form that information may take. For example, a law firm handles a large volume of information, much of it confidential. As such, a law firm has a commitment to its clients to protect that information and ensure it remains confidential. By implementing ISO 27001 controls, the law firm can demonstrate that it protects the confidentiality of its clients' information.
ISO 27001 addresses the security of all information, whether it is printed, written, stored electronically, spoken, presented in video or audio, or sent via traditional mail or email. ISO 27001 requires that information, no matter how it is transmitted, shared or stored, be protected in an appropriate manner.
Information security is the safeguarding of the confidentiality, integrity, and availability of information.
Protecting information and assets includes implementing mitigating controls that address threats. Under ISO 27001, the organization assesses threats to those assets based on:
The ISO 27001 standard includes multiple control objectives and controls aimed at ensuring the security of information with regard to the above properties (confidentiality, integrity, and availability). These include:
Organizational information, whether customer data, credit card information, intellectual property, or other forms, is considered a vital asset for organizations. The confidentiality, integrity, and availability of information allow organizations to sustain a competitive advantage, cost-effectiveness, a steady cash flow, profitability, legal compliance and a positive reputation.
We have discussed at length the benefits of ISO 27001 certification, the ISO 27001 certification process, risk management, and how long it takes to get certified in previous posts. We encourage you to review those posts for more information regarding ISO 27001 certification.