In depth articles

ISO/IEC 27001 – Information security management system

In brief

The ISO 27001 standard encourages the adoption of a process approach to the implementation, operation, monitoring, re-examination, updating and improvement of a company’s information security management system. Annex A of the standard is ISO/IEC 27002.

The company must identify and manage a number of activities to ensure it is operating efficiently. Any activity involving the use of resources in such a way as to transform input elements into output elements may be considered as a process.

“The process approach” is the name given to the application of a process system within a company, as well as the identification, interactions and management of these processes.

The process approach for information security management system given in the standard highlights the importance of:

understanding the requirements relating to the security of the company’s information and the necessity of introducing a security policy and objectives;
implementing and using security-related risk management measures in the context of the global risks related to the organisation’s activity;
monitoring and re-examining the ISMS’s performances;
continuously upgrading the system based on objective measurements.

In depth articles

▾ ISO/IEC 27000

▹ ISO/IEC 27000 standards

▸ ISO/IEC 27001 – Information security management system

▹ ISO/IEC 27002 Best Practice for Information Management System

▸ Securing Devices

▹ Cloud computing

▹ Protecting your company

▹ Recommendations for Securing a Server Connected to Internet

▹ Recommendations for securing a web server

▹ Recommendations for securing an email server

▹ Sandboxie

▹ Securing a Fixed Network

▹ Securing a file server

▹ Securing a fixed workstation

▹ Securing a wifi network

▹ Securing laptops

▹ Security checklist for PHP web applications

▹ Social Engineering

▹ Why manage risks?

▹ Why pool risk analysis?

ISO/IEC 27001 – Information security management system

In brief