ISMS Standards Overview
ISO/IEC 27001:2005 is a management standard
that explains how to build, maintain and improve an Information
Security Management System (ISMS). It is predicated on risk
assessment and the Plan-Do-Check-Act model, which are two vital
ingredients of corporate governance. Thus, ISO/IEC 27001:2005 provides an excellent basis on which to build the management controls
necessary to achieve an organisation’s mission, to manage risk, to
assure effective control and to seek improvements where appropriate.
An ISMS forms part of an organisation's internal control system.
ISO/IEC 27002:2005 is a code of practice for information security
management. It provides 133 information security guidelines
structured under 11 major headings to enable readers to identify the
security controls which are appropriate to their particular business
or specific area of responsibility. As well as giving detailed
security controls for computers and networks, ISO/IEC 27002 also
provides guidance on security policy, staff security awareness,
business continuity planning, and legal requirements.
The ISMS standards are particularly pertinent to corporate
governance in an "e-biz" context, where risk management not only has
to contend with the usual risks of doing business
but also with rapidly changing IT/Internet risks and multiple legal
jurisdictions. Thus the standards explain how to address the all-too-common and often devastating
business impacts caused by viruses, web-site outages, improper
disclosure of customer account details and incorrect pricing
information.
A growing number of politicians and leaders of industry are now
recognising the importance of these standards. Businesses that
want to flourish in the Information Age, notably
throughout Europe and Asia, are already taking advantage of
ISMS.
Interested?
In order to buy a copy of the standards, please contact BSI
Customer Services by telephone at (+44) 20 8996 7555 or go to
https://eshop.bsi-global.com/.