AI-generated Abstract
ISO 27001 is a comprehensive framework aimed at establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) within an organization. It utilizes the "Plan-Do-Check-Act" (PDCA) model to ensure effective risk management and information security practices. The framework emphasizes the roles of management, internal audits, and continuous improvement, while outlining key concepts such as risk assessment, asset management, and corrective actions to enhance organizational security measures.
2006
About the book: Modern IT managers are confronted with an overwhelming number of management frameworks, methods and methodologies – making it difficult to see the wood for the trees. In addition, many IT service providers believe they can't be taken seriously if they don't also have a proprietary framework to offer – which makes it even more difficult to find your way through the framework forest.
International Journal for Research in Applied Science and Engineering Technology, 2019
Information and information systems are an important foundation for organizations. The transfer of organizations' information and data and the use of open networks increase the risks that information and information systems are exposed to. To reduce risks and avoid damage to the organization, security measures must be taken to assure information security.
International Journal of Emerging Technology and Advanced Engineering, 2023
ICT security has proven to be important in any organization dealing with digital data. In implementing data protection, there are several challenges that an organization may encounter, such as employees' lack of awareness and education, cybersecurity threats, data breaches, lack of technical infrastructure, and limited resources. To combat internal security threats and encourage employees' security habits, every agency in the different sectors of the government must practice and promote data protection awareness against cybercrimes. To improve the security posture of every public or private organization in the Philippines, this study looked at a newly suggested security management standard that offers a thorough framework for detecting and evaluating risks to ICT (information and communication technology) systems and applications. The proposed standard strongly emphasizes the necessity of ongoing security control monitoring and assessment, frequent recovery plan testing and evaluation, and compliance with the PDCA Model anchored to the ISO/IEC 27001 standard and the Data Privacy Act of 2012. The study examined the suggested standard's main aspects and potential business advantages, including security, compliance, and stakeholder coordination and communication, and emphasized the difficulties in implementing the suggested standard, including the requirement for significant resources and knowledge. The proposed standard also provides a common language for communication and collaboration among stakeholders, including I.T. staff, business leaders, and external partners. This can help promote a security culture and ensure everyone in the organization works together towards a common goal.
asian-transactions.org
Managing information security should be considered a focal concern in safeguarding information resources in organizations where Information and Communication Technology (ICT) is heavily used. It is imperative for organizations to use an Information Security Management System (ISMS) to effectively manage their information assets. An ISMS starts with a set of policies that dictate the usage of computer resources. It starts with the "21 essential security controls" of ISO 27001, which give the basic standard requirements of information security management. Our research is concerned with the refinement, assessment and measurement of the application of these controls to organizations. I-SolFramework methodologies were used to integrate domains as a framework for this assessment. The controls are mapped onto these domains and subsequently refined into "246 simple and easily comprehended elements". These elements are subject to review and validation by specialized persons working in the field.
2008 Second International Conference on Emerging Security Information, Systems and Technologies, 2008
The ISO27001:2005, as an information security management system (ISMS), is establishing itself more and more as the security standard in enterprises. In 2008 more than 4457 certified enterprises could be registered worldwide. Nevertheless, registering an ISMS still says nothing about the quality and performance of its implementation. Therefore, in this article, a method for measuring the performance of the implementation and operation of an ISMS is presented.
2015
Compliance with an Information Security Management System (ISMS) standard is an effective way to manage information security within an organization. Unfortunately, implementing compliance with an ISMS standard is not easy, as the description and requirements of a standard are normally complex and difficult to understand. Many US information and communication technology (ICT) projects, including ISMS standardization and ISO 27001 compliance projects, in major organizations faced difficulties, and many reported failure and lost billions of dollars (SG, 2003). For example, BCS Review (2001) found that only around one in eight (13%) of ICT ISO 27001 standardization projects were successfully implemented. Schwalbe (2010) and Heeks (2003) stated that technical barriers, project owner's absence of understanding-processes, technically savvy aspects, lack of internal ownership, and neglect of certain aspects are major problems that cause delay for ISMS and ISO 27001 projects.
Security is a hot issue to be discussed, ranging from business activities and correspondence to banking and financial activities; it requires prudence and high precision. Since information security has a very important role in supporting the activities of the organization, we need a standard or benchmark which regulates governance over information security. The main objective of this paper is to implement a novel practical approach framework for the development of information security management system (ISMS) assessment and monitoring software, called I-SolFramework. The system/software is expected to assist stakeholders in assessing the level of their ISO27001 compliance readiness; the software could help stakeholders understand the security controls, also called compliance parameters, in a shorter, more structured way, with high precision and measured forecasting.