Try our "Help Me AI"
Results 1 to 3 of 3

Thread: What is ISO 27001 and why is it important?

  1. #1
    Status
    Offline
    Shana's Avatar
    Reputed Member
    Join Date
    Apr 2018
    Posts
    757
       Rep Power
    16

    Question What is ISO 27001 and why is it important?

    Recently I got to know about Information security management System(ISMS) and the importance of ISO 27001 in specifying an ISMS made me think what makes the ISO 27001 so important. Is there anyone who could clear that up for me?
    Thank you.

  2. #2
    Status
    Offline
    Neo's Avatar
    Registered Member
    Join Date
    Apr 2018
    Location
    Colombo
    Age
    32
    Posts
    84
       Rep Power
    16
    Quote Originally Posted by Gobi View Post
    Recently I got to know about Information security management System(ISMS) and the importance of ISO 27001 in specifying an ISMS made me think what makes the ISO 27001 so important. Is there anyone who could clear that up for me?
    Thank you.
    Day to day in growing digital world we/organizations deal with plenty of information or transmit huge amount of information. We place certain known security measures to protect those information, but we might miss some important measures. ISMS or ISO 27001 is a Information security management framework which includes 10 Mandatory clauses and 114 controls. This framework covers 360° of information security which allows the organizations to secure their valuable data effectively.

    Why ISMS?


    • It helps manage information in all its forms, including digital, paper-based, intellectual property, company secrets, data on devices and in the Cloud, hard copies and personal information.
    • It helps the company defend itself from technology-based risks and other, more common threats such as poorly informed staff or ineffective procedures.
    • It reduces costs spent on indiscriminately adding layers of additional technology that might not work, due to the risk assessment and analysis approach.
    • It constantly adapts to changes both in the environment and inside the organisation to reduce the threat of continually evolving risks.
    • It makes sure that information security is entrenched in the business, improving the organisational culture and making processes efficient.
    • It focuses on the integrity and availability of data as well as confidentiality. If the data is available but in a format that is not usable because of a system disruption, then the integrity of that data has been compromised; if the data is protected but inaccessible to those who need to use it as part of their job, then the availability of that data has been compromised.
    • It protects the availability of information and critical business processes from the effects of major disasters to ensure their timely resumption.
    • It enables businesses to be significantly more resilient to cyber attacks.
    • Continual improvement, monitoring, internal audits and corrective actions make sure that the controls remain up to date and work properly.

  3. #3
    Status
    Offline
    Shana's Avatar
    Reputed Member
    Join Date
    Apr 2018
    Posts
    757
       Rep Power
    16
    Quote Originally Posted by Neo View Post
    Day to day in growing digital world we/organizations deal with plenty of information or transmit huge amount of information. We place certain known security measures to protect those information, but we might miss some important measures. ISMS or ISO 27001 is a Information security management framework which includes 10 Mandatory clauses and 114 controls. This framework covers 360° of information security which allows the organizations to secure their valuable data effectively.

    Why ISMS?


    • It helps manage information in all its forms, including digital, paper-based, intellectual property, company secrets, data on devices and in the Cloud, hard copies and personal information.
    • It helps the company defend itself from technology-based risks and other, more common threats such as poorly informed staff or ineffective procedures.
    • It reduces costs spent on indiscriminately adding layers of additional technology that might not work, due to the risk assessment and analysis approach.
    • It constantly adapts to changes both in the environment and inside the organisation to reduce the threat of continually evolving risks.
    • It makes sure that information security is entrenched in the business, improving the organisational culture and making processes efficient.
    • It focuses on the integrity and availability of data as well as confidentiality. If the data is available but in a format that is not usable because of a system disruption, then the integrity of that data has been compromised; if the data is protected but inaccessible to those who need to use it as part of their job, then the availability of that data has been compromised.
    • It protects the availability of information and critical business processes from the effects of major disasters to ensure their timely resumption.
    • It enables businesses to be significantly more resilient to cyber attacks.
    • Continual improvement, monitoring, internal audits and corrective actions make sure that the controls remain up to date and work properly.
    Wow! That's a lot. Thank you Neo.

Similar Threads

  1. Replies: 1
    Last Post: 12-24-2018, 10:40 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Who We Are

The Hub Sri Lanka is an online community portal for all the Sri Lankan digital Citizen's to enthusiastically learn and connect with the society by enormously increasing their knowledge and careers through an extensive collaborative marketplace.

Join us
RSS RSS 2.0 XML MAP HTML