by: K Gaurav
The basic principal behind ISMS is that any organization can design, maintain and implement a certain set of process to manage risks to its information assets. Information Security Management System standard published in October 2005 by ISO i.e International Organization for Standardization and and the International Electro technical Commission .It is commonly know as ISO 27001 , it's an part of ISO 9000.
ISO/IEC 27001 simply creates a management system for information security, A management system specify all mandatory requirement for ISO 27001 .Those Organizations that shows there self ISO/IEC 27001 standard organizations audited by the ISO audit team.
Many organizations claims to have their own Information management system but with out ISMS, all the management is disorganized and not well structured. ISO/IEC 27001 incorporates the typical "Plan-Do-Check-Act" (PDCA), or Deming cycle, approach:
* The Plan phase is about designing the ISMS, assessing information security risks and selecting appropriate controls.
* The Do phase involves implementing and operating the controls.
* The Check phase objective is to review and evaluate the performance (efficiency and effectiveness) of the ISMS.
* In the Act phase, changes are made where necessary to bring the ISMS back to peak performance.
Information related to any organization is it's assets so why don't secure it by the Information Security Management System and get certified by ISO .ISO 27001 requires that management:
* Systematically examine the organization's information security risks, taking account of the threats, vulnerabilities and impacts;
* Design and implement a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable
* Adopt an overarching management process to ensure that the information security controls continue to meet the organization's information security needs on an ongoing basis.
This article is free for republishing
Published at Sooper Articles - Ezine Articles Directory http://www.sooperarticles.com
ไม่มีความคิดเห็น:
แสดงความคิดเห็น