Registration Assessment ISO 27001:2013
ISO/IEC 27001, part of the growing ISO/IEC 27000 family of standards, is an Information Security Management System (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).
ISO 27001: This International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing; implementing, operating, monitoring, reviewing, maintaining and improving documented ISMS within the context of the organization's overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties
AWARNESS:
. The quality or state of being secure to be free from danger
. Security is achieved using several strategies
. Security is achieved using several strategies simultaneously or used in combination with one another
. Security is recognized as essential to protect vital processes and the systems that provide those processes
. Security is not something you buy, it is something you do
. The architecture where an integrated combination of appliances, systems and solutions, software, alarms, and vulnerability scans working together
. Monitored 24x7
. Having People, Processes, Technology, policies & procedures
. Security is for PPT and not only for appliances or devices
RISK?
Risk: A possibility that a threat exploits vulnerability in an asset and causes damage or loss to the asset.
THREAT
Threat: Something that can potentially cause damage to the organization, IT Systems or network. |
