
ISO 27001 Information Security


ISO 27001 Standard Information Security Management

ISO 27001 is a risk-based management standard that helps organisations plan and implement an information security management system (ISMS).

It assists organisations by providing a managed, structured and proactive approach to information security, ensuring that the right people, processes, procedures and technology are in place to protect the information assets a business collects.

Why ISO 27001?

First, ISO 27001 helps to minimise the harm that deliberate or accidental acts can cause to an organisation.

Information security is about protecting information through the selection of appropriate security controls.

ISO 27001 is not a technical standard that describes the ISMS in technical detail. It does not focus only on information technology, but also on the other important assets of the organisation.

  1. A framework that takes account of all legal and regulatory requirements.
  2. Gives the ability to demonstrate and independently assure a company's internal controls.
  3. Better organisational processes: responsibilities and business processes are clearly defined.
  4. Proves senior management commitment to the security of business and customer information.
  5. Helps provide a competitive edge to the company.
  6. Reduces the time and effort spent on internal compliance reviews or external audits.
  7. Makes it easier to obtain funding and resources for the information security team and its security objectives.

Focus on Processes

ISO 27001 focuses on all business processes and business assets. It focuses on reducing the risks to information that is valuable to the organisation. That information may or may not be related to information technology, and may or may not be in digital form.

Process of ISO 27001 implementation

Phase 1 - Planning

Phase 2 - Implementing

Phase 3 - Checking

Phase 4 - Improving

Information is an asset and, like other important business assets, has value to an organisation and consequently needs to be suitably protected.

What is Information?

  • Current business plans
  • Future plans
  • Intellectual property (patents, etc.)
  • Employee records
  • Customer details
  • Business partner records
  • Financial records

The range of risks to this information includes:

  • System failures
  • Denial of service (DoS) attacks
  • Misuse of resources (internet, email, telephone)
  • Damage to reputation
  • Espionage
  • Fraud
  • Viruses, spyware, etc.
  • Use of unlicensed software

ISO 27001 adopts the "Plan-Do-Check-Act" (PDCA) cycle:

Plan:

  1. Study the requirements
  2. Draft an information security policy
  3. Discuss it in the Information Security Forum (committee)
  4. Finalise and approve the policy
  5. Establish an implementation procedure
  6. Staff awareness and training

Do:

Implement the policy

Check:

Monitor, measure and audit the process

Act:

Improve the process

Business security policies and plans created under ISO 27001:

  • Current business operations requirements
  • Future business plans and requirements
  • Legislative requirements
  • Obligations and responsibilities with regard to security contained in SLAs
  • The business and IT risks and their management
  • Overall Information Security Management Policy
  • Access control policy
  • Email policy
  • Internet policy
  • Anti-virus policy
  • Information classification policy
  • Use of IT assets policy
  • Asset disposal policy