Saturday, June 30, 2007

The Benefits of ISO 27001 Implementation

The benefits of standardization, and of implementation of one or more of the ISO 27000 series are wide and varied. Although they tend to differ from organization to organization, many are common.

The following is a list of potential benefits. As with many items on this website, this is an ongoing project. Please feel free to add further points via the comments option below.

Interoperability
This is a general benefit of standardization. The idea is that systems from diverse parties are more likely to fit together if they follow a common guideline.

Assurance
Management can be assured of the quality of a system, business unit, or other entity, if a recognized framework or approach is followed.

Due Diligence
Compliance with, or certification against, an international standard is often used by management to demonstrate due diligence.

Benchmarking
Organizations often use a standard as a measure of their status within their peer community. It can be used as a benchmark for current position and progress.

Awareness
Implementation of a standard such as ISO 27001 can often result in greater security awareness within an organization.

Alignment
Because implementation of ISO 27001 (and the other ISO 27000 standards) tends to involve both business management and technical staff, greater IT and business alignment often results.


Talking About ISO 27001

A number of forums have emerged over the years to enable peer-to-peer communication and dialogue on ISO 27001 and the other ISO 27000 standards.

The major ones are as follows:

The ISO 17799 and 27001 Community Portal
(17799.com)
This is the oldest and the biggest, with around 2,000 members.

Yahoo ISO 17799
(tech.groups.yahoo.com/group/iso17799security/)
Whilst not the biggest, this is probably the busiest.

Yahoo ISO 27001
(tech.groups.yahoo.com/group/iso-27001/)
Similar to the other Yahoo group, but focused entirely upon ISO 27001.

Google Group ISO 27001 Security
(groups.google.com/group/iso27001security)
Directed at the ISO 27000 series.

Google Group ISO 27001
(groups.google.com/group/ISO-27001)
This is related to the ISO 27001 newsletter

MSN ISO 27000 Group
(groups.msn.com/27000UserGroup/)
This covers all of the ISO 27000 series.

Have we missed any? Probably. If you know of any not listed above, please let us know via the comment function.


ISO 27000: Where Are We?

The ISO 27000 series of information security standards is a moving feast. This is a 'live page' which will be kept current with the latest situation as we understand it.

ISO 27000
Not yet published. It will define vocabulary and definitions for the rest of the series.

ISO 27001
Published. This is the specification for an ISMS.

ISO 27002
Awaiting publication. This will be the rename of ISO 17799.

ISO 27003
Not yet published. This will be an implementation guide.

ISO 27004
Not yet published. This will cover measurement and metrics for information security management.

ISO 27005
Not yet published. This will cover information security risk management, and is likely to be based upon BS7799-3.

ISO 27006
Published. This is a formal guide to the certification and registration process.

ISO 27007
Not yet published. This will cover the audit process for an ISMS.

ISO 27031
Not yet published. This standard will cover ICT business continuity planning.

ISO 27032
Not yet published. This is currently a proposed standard for internet security.

ISO 27799
Awaiting publication. This will be the first industry specific version of ISO 27002. It is focused upon the health sector.


What Is ISO 27001?

In a nutshell it is an ISO standard specifying the requirements for an information security management system. It was published in October 2005, and was based heavily upon the British Standard, BS 7799-2.

ISO/IEC 27001 is often considered to be the prime ISO 27000 standard because it is this against which certification can be sought. It is aligned with other ISO quality management standards, such as ISO 9001 and ISO 14001.

The standard is also intended to drive the selection of adequate and proportionate security controls. Hence the relationship with ISO 27002, which defines individual controls within a code of practice framework.
