Mapping guides

ISO 27001 & FairWarning: How it Works

Background on the ISO/IEC 27001:2013 Standard

ISO/IEC 27001:2013 is an international standard that describes best practices for an information security management system (ISMS). As defined by the ISO organization, the ISO standards "will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties." It is commonly known as ISO 27001 (ISO = International Organization for Standardization). The ISO organization is based in Geneva, Switzerland. The most recent version of the ISO 27001 standard was published in September 2013.

Purpose of an Information Security Management System

An information security management system (ISMS) is a set of frameworks containing the policies and procedures for addressing security risks in an organization. The focus of an ISMS is to ensure business continuity by minimizing all security risks to information assets and limiting the impact of security breaches to a bare minimum. The ISO 27001 standard describes how an ISMS can be built at an organization. Implementing it requires the organization to develop a set of information security rules, responsibilities, and controls, which then enable the organization to manage its complex systems and the security risk that arises from them.

Other ISO Standards

In addition to ISO 27001, there is the ISO 27002 standard. Whereas the ISO 27001 standard states and defines the audit requirements, ISO 27002 provides best-practice recommendations on implementing information security management for those who are responsible for implementing or maintaining the ISMS. As the ISO organization states, ISO 27002 is a "code of practice - a generic, advisory document, not a formal specification such as ISO/IEC 27001".

ISO 27002 recommends information security controls that address the control objectives arising from risks to the confidentiality, integrity, and availability of information. The items in ISO 27002 are the same as the items in ISO 27001's Annex A: each control from Annex A exists in ISO 27002, together with a more detailed explanation of how to implement it.

FairWarning ® Mapping to ISO/IEC 27001
