An Information Security Management System (ISMS) is a management system based on a systematic business risk approach to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security. ISO/IEC 27001 (BS 7799) is a standard for information security that focuses on an organization's ISMS.
What are the objectives of ISO 27001 (ISMS)?
Information security is the protection of information to ensure:
– Confidentiality: ensuring that the information is accessible only to those authorized to access it.
– Integrity: ensuring that the information is accurate and complete and that it is not modified.
– Availability: ensuring that the information is accessible to authorized users when required.
Information security is achieved by applying a suitable set of controls (policies, processes, procedures, organizational structures, and software and hardware functions).
Why should we implement ISO 27001?
In today's business environment, information is the lifeblood of any organization. Increasingly, organizations and their information systems are exposed to security threats from a wide range of sources, including computer-assisted fraud, surveillance, damage, destruction, fire or flood. Computer viruses, hacking and denial of service attacks have become more common and increasingly
Achieving ISO 27001 significantly reduces this risk and helps protect the organization against internal human error or misdemeanor.