ISO 27001
What is ISO 27001:2005?
This standard ensures effective protection of assets and risk controls suited to the organization, and provides the level of protection the organization needs.
Advantages of ISO 27001:2005:
- Creation of enterprise security architecture
- Classification and identification of assets
- Establishment of the roles and responsibilities of security units and personnel
- Management, monitoring and control of programs, goals and project progress reports
- Establishment of the importance of information in the business
- Establishment, development and maintenance of the information system
- Security reasons for excluding some controls
- Creation of a list of information property, classification criteria and asset groups
Definitions:
- Information: a set of data that will be processed.
- Security: protection of information and information systems from unauthorized activities. These activities include access, use, disclosure, reading, copying or recording, destroying, altering, tampering.
- Risk: the combination of the probability of occurrence of an event or exposure and the possibility of its influencing the information systems.
Proposal of ISO 27001:2005
- Preparation and setting of the organization's policy and statements
- Control, integration, optimization and classification of documents and records
- Establishment, development and maintenance of the information system
- Identify and plan for risk and risk management
- Business risk analysis and provision of a list of critical IT processes
- Implementation of risk reduction strategies
- Staff training and security awareness
- Design, in line with the risk, of a comprehensive security policy, procedures, standards and product selection
- Risk reduction plan, assessment, review of risk mitigation and report updates
- Continual improvement of security and reduction of undesirable accidents and events
- Development of a plan for business continuity and system recovery
- Risk management methodology reports
- Planning, checklist preparation, and performing and recording of audit observations and non-conformities
- Responsibilities, deadlines, implementation and review of actions taken, and the effectiveness of corrective and preventive actions
- Continual improvement in all organizational units and sectors