ISO 27001
INFORMATION SECURITY
What is ISO 27001?
ISO 27001 is an international standard for information security management systems (ISMS).
It provides a framework for organizations to manage and protect their sensitive information, such as financial data, intellectual property, and customer information.
Adhering to ISO 27001 standards can help organizations identify and mitigate potential security risks, improve their overall security posture, and demonstrate their commitment to protecting sensitive information to customers and stakeholders.
ISMS
An ISMS (Information Security Management System) is a management assurance mechanism for securing business information assets against potential security breaches.
It relates to all types of information, whether paper-based or electronic.
Secure information is information whose confidentiality, integrity and availability are ensured.
CIA TRIAD
Confidentiality – Ensuring data security, with only authorized persons accessing the data or asset.
Integrity – Keeping data complete and trustworthy, and ensuring it has not been modified.
Availability – Ensuring that systems and data are available to individuals when they need them.
PDCA Model applied to ISMS Processes
[Figure: PDCA cycle for the ISMS: Plan (establish ISMS), Do, Check, Act]
The 14 Domains in ISO 27001:2013
ISO 27001 provides a comprehensive framework that helps organizations develop and maintain a secure ISMS.
by 4 new categories :-
Organizational controls
People Controls
Physical Controls
Technological Controls
Steps to get ISO 27001
Why ISO 27001?
Provides a framework that takes account of all legal and regulatory requirements.
Gives the ability to demonstrate and independently assure the internal controls of a company.
Proves senior management commitment to the security of business and customer information.
Helps provide a competitive edge to the company.
Reduces the amount of time and effort required when audited by internal compliance reviews or external audits.
Makes it easier to obtain funding and resources for the information security team and security objectives.