ISO/IEC 27001, part of the growing ISO/IEC 27000 family of standards, is an Information Security Management System (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is ISO/IEC 27001:2005 - Information technology -- Security techniques -- Information security management systems -- Requirements, but it is commonly known as "ISO 27001".
All organizations today have to respond to a rapidly changing and increasingly threatening range of information security risks – risks which can, if unmitigated, lead to severe financial, regulatory and reputational damage for organizations. Information security investment and control decisions should be specifically driven by the outcome of a risk assessment process that identifies risks to specific information assets.
Risk assessment is the core competence of information security management. This book provides clear, practical and comprehensive guidance on developing a risk management methodology that meets the requirements of ISO 27001, the information security management standard, and on how to carry out a risk assessment that will help achieve corporate risk management objectives.
Here is a very good link for templates, study materials and many more things related to ISO 27001.
Follow the link:
ISO 27001 Security