An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems.
ISO 27001:2013 is a specification for the "Management of Information Security". The ISO 27001:2013 standard was published in October 2005, essentially replacing the old BS7799-2 standard. It is the specification for an ISMS, an Information Security Management System.
ISO/IEC 27001:2013 (formerly BS 7799-2:2002) establishes best practices to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System".
Addressing information security risks in order to improve an organization's results is a matter of being well prepared. Organizations often regard information security systems as simple checklists, or as policies and procedures that forbid a lot of things and sit far from the way they do their normal business. By sticking to these beliefs, organizations prevent themselves from properly building an ISMS (Information Security Management System) and achieving its full potential, whether in operational and financial performance or in market reputation.
The ISO 27001:2013 standard provides guidance and direction for how an organization, regardless of its size and industry, should manage information security and address information security risks, which can bring many benefits not only to the organization itself, but also to clients, suppliers, and other interested parties.
ISO 27001:2013 contains a number of control objectives and controls and these include:
- Security policy
- Organizational security
- Asset classification and control
- Personnel security
- Physical and environmental security
- Communications and operations management
- Access control
- System development and maintenance
- Business continuity management
Benefits of implementing ISO 27001:2013 include:
- Reassuring customers, employees, trading partners and stakeholders that your management information and systems are secure
- Management understanding of the value of organisational information
- Business partner confidence, satisfaction and trust
- Organisational effectiveness in communicating security requirements