INFORMATION SECURITY MANAGEMENT - ISO 27001
An ISMS (information security management system) is a framework of policies and procedures that covers all the legal, physical and technical controls involved in an organisation's information risk management processes. Certification to ISO 27001 demonstrates, through independent audit, that information security risks are being identified, assessed and treated in a systematic and repeatable way; it does not by itself guarantee that no risk has been missed, so the underlying risk assessment and the chosen controls still have to be sound.
ISO 27001 provides a structure for an organisation's information security risk management process and has become a necessary part of many organisations' IT governance, risk and compliance (GRC) programmes.
The International Standard specifies a risk assessment and risk treatment process, requirements for leadership, organisational roles and responsibilities, documented information security policies and procedures, and monitoring, measurement, internal audit and management review. Its Annex A lists reference controls in areas such as access control, information classification, and physical and technical safeguards; an organisation selects the controls it needs from that list (or elsewhere), based on the outcome of its risk assessment, and records the result in a Statement of Applicability.
When assessing risk, organisations need to consider both the consequences and the likelihood of information security risks, together with the potential benefit of the opportunities those risks accompany. The Standard (clause 6.1, actions to address risks and opportunities) does not require every risk to be eliminated: accepting a risk is a legitimate treatment option when it falls within the organisation's documented risk acceptance criteria, and the Standard expects that decision to be made knowingly and approved by the relevant risk owner rather than left implicit.