Title: Why Information Security is needed for your business?
1. ISO 27001 2013
Why Information Security is needed for your business?
www.iso-27001-it-security-management.com
2. ISO 27001 information security management is a prime example of best practice in information security for any business, no matter its size, and can result in significant cost savings. The international standard ISO 27001 covers the design, implementation and basic improvement of an information security management system. It is stated in general terms, is applicable to any size of organization, and depends on human experience for its application in a specific case. Its sister standard, ISO 27002, is a code of practice for information security, typically used along with it. ISO/IEC 27001 uses a risk-based approach, which helps to tailor information security measures to the size and the risk situation of a company. Smaller companies, or companies in a low-risk market, are not required to implement the same measures as companies facing high risks. This makes the standard achievable both for small companies and for worldwide enterprises.
3. Information Security Management System ISO/IEC 27001
- ISMS provides a framework to establish, implement, operate, monitor, review, maintain and improve the information security within an organization
- Implement effective information security that really meets business requirements
- Manage risks to suit the business activity
- Manage incident handling activities
- Build a security culture
- Conform to the requirements of the Standard
5. Why Information Security is needed?
- Organizations and their information systems and networks are faced with security threats from a wide range of sources, including
  - Computer-assisted fraud
  - Sabotage
  - Vandalism
  - Fire or flood
  - Hacking
  - Denial of service attacks
- Important to both public and private sector businesses
- IS functions as an enabler, e.g. to achieve e-government or e-business
- IS that can be achieved through technical means is limited, and should be supported by appropriate management and procedures
7. Benefits of ISMS
- Assurance through discipline of compliance
- Risk management
- Secure environment (protection of IPRs)
- Minimize security breaches (continuity of business)
- Increase trust, customer confidence and business opportunities
8. Asset Identification and Classification
- Establishing the context of the risk assessment includes determining the connection of functions with information assets and setting risk assessment criteria. This section provides the background information needed to conduct the assessment. Information assets include:
  - Networking equipment
  - Digital documents
  - Paper-based documents
  - Communication equipment
  - Other physical assets
  - Hardware
  - Software
  - Services