ISO/IEC 27001 Resource Center
Information technology -- Security techniques -- Information security management systems -- Requirements
FAQs

Information security - the protection of information to ensure confidentiality, integrity, and availability.

ISMS - information security management system.

ISMS certification advantages - an independent assessment to ensure conformity to the international standard. Certification helps a company meet the requirements of Sarbanes-Oxley, SAS 70, HIPAA, California's privacy laws, and the Gramm-Leach-Bliley Act.






ISO/IEC 27001 Concepts
Activities must follow a well-defined and documented method.
Requires a company to specify security goals.
Security measures are the result of a risk analysis.
ISO/IEC 27001 includes security controls, and the company must implement the controls that apply to its business.
Continuous verification of all elements.
Continuous improvement of all elements of the security system.

ISO/IEC 17799
A code of practice for information security managers. The standard is important because it documents best-practice security objectives and the associated controls / safeguards that support those objectives. This standard will be renumbered ISO/IEC 27002.

February 8, 2008