ISO 27001:2013 is an international standard published by the International
Standardization Organization (ISO) and the International
Electrotechnical Commission (IEC). ISO 27001:2013 describes how to manage
information security in any organization, company, institution or the like. The
latest revision of this standard was published on 25th Sep, 2013, and is titled
ISO/IEC 27001:2013.
ISO 27001 can be implemented in any kind of organization, company or
institution: profit or non-profit, private or state-owned, small or large. It
was written by the world’s best experts in the field of information security
and provides a methodology for implementing information security management in
an organization. It has been updated to address the requirements of the changed
business scenarios.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing,
operating, monitoring, reviewing, maintaining and improving a documented
Information Security Management System within the context of the organization's
overall business risks. It specifies requirements for the implementation of
security controls customized to the needs of individual organizations or parts
thereof.
This ISO standard is designed to ensure the selection of adequate and
proportionate security controls that protect information assets and give
confidence to interested parties.