An ISMS can be defined as the set of processes management uses to organize and coordinate security activities such as governance, risk management, continuous improvement, internal audit, record keeping, document management, compliance management, communications, and awareness training. The ISMS is defined in detail within the mandatory clauses 4 to 10 of ISO 27001.
An ISMS mitigates a series of common risks to information management by applying an internationally agreed set of control objectives listed in Annex A, an appendix of ISO 27001. The Annex A control objectives are discretionary: each can be justified in or out of scope on the basis of the organization's risk assessment.
Over 140 contributing countries and thousands of information security professionals, working over a period of two years, rationalized and contributed to the latest version, ISO 27001:2013. Since its inception in 1995 as BS7799, and later as ISO 17799, thousands more have contributed to establishing ISO 27001 as the only internationally accepted information security management framework standard.