ISO 27001

The latest version of ISO / IEC 27001 was published on 01 October 2013. The 2013 version of the standard is designed to help organizations of all sectors and sizes adapt to evolving information security and cyber security threats.


Benefits of ISO / IEC 27001 ISMS Standard

Competitive advantage
Profitability
Image
Compliance with laws, regulations and contractual conditions
Security
Risk awareness
Protects information assets in the way most appropriate to the organization's needs
Provides business continuity by protecting information assets against threats

Clause Titles of ISO / IEC 27001: 2013 Standard

0 Introduction
1 Scope
2 Normative references (cited standards and / or documents)
3 Terms and definitions
4 Context of the organization
4.1 Understanding the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the Information Security Management System
4.4 Information Security Management System
5 Leadership
5.1 Leadership and commitment
5.2 Policy
5.3 Duty, responsibility and authority
6 Planning
6.1 Actions on Risks and Opportunities
6.2 Information Security Goals and Planning
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented Information
8 Operation
8.1 Operational planning and control
8.2 Information security risk assessment
8.3 Information security risk treatment
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Annex A Control objectives and controls

Information Security Management System (ISMS): The part of the overall management system, based on a business risk approach, used to establish, implement, operate, monitor, review, maintain and improve information security.

Statement of Applicability: A documented statement describing the control objectives and controls that are relevant and applicable to the organization's ISMS.

Risk Analysis: The systematic use of information to identify risk sources and estimate the risk.

Risk Assessment: The overall process comprising risk analysis and risk evaluation.

Risk Evaluation: The process of comparing the estimated risk against given risk criteria in order to determine the significance of the risk.

Risk Management: Coordinated activities to direct and control an organization with regard to risk.

Risk Treatment: The process of selecting and implementing the measures needed to modify the risk.