What are ISO 27001 and 27002?

What is information security?

Let’s say you have a gadget that reads the temperature and humidity in your basement. Every morning at 10 AM and every night at 10 PM you note down the temperature and relative humidity in a notebook. The collection of these numbers and observations is called data: you are collecting it by reading the numbers off the gadget. When you process this data into some meaningful form it becomes information. Information is organized, structured, and useful for making decisions. In our temperature and humidity example, the readings show a pattern: when the temperature rises, the relative humidity falls. This information could be sensitive if we change the location from a basement to a nuclear facility. Depending on its classification, there may be a requirement to protect that information. The practice of protecting information from unauthorized disclosure, modification, or destruction, whether accidental or intentional, is called information security.

ISMS Family

An information security management system (ISMS) preserves the confidentiality, integrity and availability (CIA) of information by applying a risk management process.

CIA Triad: the three principles of confidentiality, integrity and availability

Why is it so important for organizations to get ISO 27001 certification?

ISO/IEC 27001 is the international standard that specifies the requirements for an information security management system, and it is the standard in the ISO 27000 family against which an organization can be certified; its companion, ISO/IEC 27002, gives implementation guidance for the security controls that 27001 references. Certification demonstrates that an organization has identified its information assets, assessed the associated risks, maintains a risk register, has established policies, procedures, guidelines and baselines, and has implemented appropriate security controls to protect against information security breaches. Some of the benefits of achieving certification are:

  1. A competitive edge over organizations that are not certified.
  2. Greater confidence among existing customers and business partners.
  3. An enhanced brand and reputation for your organization.
  4. Demonstrable compliance with regulatory, commercial, contractual, and legal obligations.
  5. Increased customer satisfaction.
  6. An improved security posture and better preparedness for unforeseen incidents.
  7. A culture shift towards continuous improvement.
  8. Risk-based selection of controls and ongoing monitoring of their effectiveness.

Aakif Shaikh, CISSP, CEH, CHFI, CISA, GWAPT

Over 18 years of experience in a wide variety of technical domains within information security including information assurance, compliance, and risk management.