ISO 27001 provides a best-practice approach to mitigating cyber security threats faced by firms, as the vast majority of respondents to a new IT Governance survey agree. Alan Calder explains.
With increasing volumes of information stored and transmitted electronically, and online threats growing in number and severity on a daily basis, information security is unquestionably a business-critical issue in the modern world.
Every organisation is at risk from attack, and the effects can be catastrophic – whether the immediate expense of firefighting, regulatory fines and legal costs, or the long-term price of reputational damage and lost custom.
The international standard ISO/IEC 27001:2013 sets out the best-practice requirements of an information security management system (ISMS) – a risk-based approach to data security that addresses people, processes and technology.
This approach means that service levels can be defined and monitored internally – and in contractor and partner organisations – because the ISMS demonstrates the extent to which the risks for which directors and senior management are accountable are under effective control.
This is an extract from an article in the March/April 2015 edition of Chartech, the magazine of the IT Faculty.
The full article is available to IT Faculty members and subscribers of Faculties Online.