ISO 27001 is the internationally recognized management system standard for information security. It aims to help organizations follow best-practice to keep their information safe.
Why is Information Security Needed?
Information is now globally accepted as a vital asset for most organizations and businesses. As such, the confidentiality, integrity, and availability of vital corporate and customer information may be essential to maintaining a competitive edge, cash flow, profitability, legal compliance, and commercial image. ISO 27001 is intended to assist with this task. It is easy to imagine the consequences for an organization if its information were lost, destroyed, corrupted, burnt, flooded, sabotaged, or misused. In many cases, this can lead (and has led) to the collapse of companies.
ISO 27001 is a specification for the management of information security. It is applicable to all sectors of industry and commerce and is not confined to information held on computers. It addresses the security of information in whatever form it is held.
The information may be printed or written on paper, stored electronically, transmitted by post or email, shown on film, or spoken in conversation. Whatever form the information takes, and whatever means by which it is shared or stored, ISO 27001 helps an organization ensure it is always appropriately protected.
Information security can be characterized as the preservation of:
Confidentiality – ensuring that access to information is appropriately authorized.
Integrity – safeguarding the accuracy and completeness of information and processing methods.
Availability – ensuring that authorized users have access to information when they need it.
ISO 27001 contains a number of control objectives and controls. These include:
  1. Security policy.
  2. Organizational security.
  3. Asset classification and control.
  4. Personnel security.