ISO 27001
» Introduction of ISO 27001

 

Information security management is a crucial issue, and ISO 27001:2005 is on its way to becoming a much-demanded International Standard.

The British standard, BS 7799 Part 2, is now adopted as ISO 27001:2005 in many countries worldwide and is rapidly becoming a de facto code of practice for the burgeoning e-commerce community. A new ISO 27001:2005 standard based on the fast-tracked document will be a very welcome addition to the emerging codes of good practice required for secure and trustworthy e-commerce.

One world with a common need: a language for information security management that can be shared across all types of business and all markets. Over the last decade, a standard has emerged and is growing into an International Standard to meet this common, one-world need.

“One of the attractions of the ISO 27001:2005 approach is that there are baseline ‘common sense’ controls that can be readily applied and other controls, which the user can select from, depending on the level of risk their information systems are facing.”


  • ISO 27001 describes a 5-stage process

    1. Define an information security policy 
    2. Define scope of the information security management system
    3. Perform a security risk assessment
    4. Manage the identified risk
    5. Select controls to be implemented and applied

    Preparation of SOA (a “statement of applicability”). 


CONSULTANTS FOR : ISO 9001, ISO 14001, HACCP, ISO 22001, OHSAS 18001, ISO 27001, ISO 20000 Certification Consultants in India, Muscat, the UAE, Saudi Arabia and the USA.