ISO/IEC 27001:2005

ISO/IEC 27001:2005 was developed to provide a specification for an ISMS (information security management system) and the foundation for third-party audits and certifications. It helps companies identify, manage and minimize threats to information. The standard works in tandem with ISO/IEC 17799:2005. Eventually, BS ISO/IEC 27001 will become part of the new ISO/IEC 27000 series; ISO/IEC 27002 and ISO/IEC 27004 will come out in the next few years.

The standard exists so that organizations can launch and maintain effective information security management systems, following the concept of continual improvement. It also follows the principles developed by the OECD (Organization for Economic Cooperation and Development) for the security of information and network systems.

ISO/IEC 27001:2005 is broken into the following sections:

  • Introduction
  • Scope
  • Normative References
  • Terms and Definitions
  • Information Security Management System
  • Management Responsibility
  • Management review of the ISMS
  • ISMS improvement

The standard makes the following suggestions for implementation:

  1. Define and create an information security policy
  2. Determine the scope of the information security management system
  3. Conduct a security risk assessment
  4. Manage the risk you identify
  5. Select controls that need to be implemented and applied
  6. Create an SoA (a "statement of applicability")

ISO/IEC 27001:2005 is synchronized with other management system standards such as ISO 9001 and ISO 14001 and uses the same Plan-Do-Check-Act (PDCA) model found in those standards. ISO/IEC 27001 assures your stakeholders that you adequately address information security within your organization and that you can deal with information security threats.

ISO/IEC 27001:2005 helps organizations with the following:

  • management direction and support for information security
  • management of information security within the organization
  • identification of assets and how to protect them
  • reduction of risk due to human error, theft, fraud or misuse of facilities
  • prevention of unauthorized access, damage or interference
  • management of information processing facilities
  • access control
  • securing information systems
  • counteracting the effects of major failures
  • ensuring compliance with laws, regulations and contracts
