IT security according to ISO / IEC 27001
Certification of your IT security
This standard is intended to be applicable to various fields, in particular:
• To formulate information security requirements and objectives
• For cost-effective management of security risks
• To ensure compliance with laws and regulations
• As a process framework for implementing and managing measures to ensure specific information security objectives
• To define new information security management processes
• Identify and define existing information security management processes
• To define information security management activities
• For use by internal and external auditors to determine the level of implementation of policies and standards
Secure Framework, Customized Design: The comprehensive framework of the ISO / IEC 27001 Certification Standard and the ISO / IEC 27002 Implementation Guide enable the introduction of an information security management (ISMS) system from a single source. The structured process approach avoids problems resulting from step-by-step individual measures. Vulnerabilities are systematically evaluated and minimized. The risk analysis shows the individual need for security, whereby profitability is an essential criterion for the implementation of measures.
From implementation to certification
ISO 27001 covers the creation and documentation of ISMS. ISO 27002 contains information on more than 130 safety measures (controls). The standard allows organizations of all sizes and industries to measure, control and audit information security internally. The verification of the ISMS by an independent accredited organization like the CIS will result in the ISO 27001 certification according to the given certification procedure.
Unique worldwide: the certificate
ISO 27001 is the only information security standard in the world that is certifiable, offering veritable competitive advantages and eliminating itemized evidence. The implementation aid is provided by sector-specific and topic-specific sub-standards of the ISO-27k series, which are constantly being further developed. In terms of content, ISO 27001 covers not only technical IT security but also organizational, personnel and physical aspects, from employee awareness to fire protection. Information security begins at your own desk and ends at the fail-safe data center.
Construction of an ISMS according to ISO 27001
1. Security Policy
2. Security Organization
3. Classification / monitoring of installations and stocks
4. Personnel safety
5. Physical and environmental security
6. Management of communication and operations
7. Access control
8. System development and maintenance
9. Incident Management
10. Business Continuity Planning
11. Compliance with obligations