Author: Murali Yerramsetty PMP®, ITIL Expert®, ISO/IEC 20000-1:2011, ISO/IEC 27001:2013 Lead Auditor
An information security management system (ISMS) requires an organization to build security controls across every operational corner of the business. Aligning your organization's ISMS framework to the ISO 27001:2013 standard enables capabilities and conformance to practices recognized across the world, and compliance with statutory, regulatory and contractual obligations. The standard comprises 7 mandatory clauses, and its Annex A lists 14 control domains, 35 control objectives and 114 security controls.
A breach of organization data and information can lead to severe loss of business, credibility and trust in a competitive world. What is meant by a breach of data or information? It is defined as an "identified security incident in which sensitive, protected or confidential data is transmitted, copied, compromised or stolen by unauthorized means or personnel". Another way of looking at a breach is as a security incident that affects the availability, integrity or confidentiality of an organization's data or information.
What is ISMS in practice?
- Governed by clauses and controls:
- Information Security Policy – Management Direction
- Organization of Information Security – Management framework for implementation
- Asset Management – assessment, classification and protection of valuable information assets
- HR security – security for joiners, movers and leavers
- Physical & Environmental Security – prevents unauthorized access, theft, compromise, damage to information and computing facilities, power cuts
- Communications & Operations Management – ensures the correct and secure operation of IT
- Access control – restrict unauthorized access to information assets
- Information systems acquisition, development & maintenance – build security into systems
- Information Security Incident Management – deal sensibly with security incidents that arise
- Business Continuity Management – maintain essential business processes and restore any that fail
- Compliance – avoid breaching laws, regulations, policies and other security obligations
The gap assessment phase of ISMS implementation helps the organization identify the gaps that could contribute to a breach of data and information. ISMS implementation brings a methodical approach that lets the organization stay ahead of information security incidents and prepares it for certification against the standard. An ISO 27001:2013 certification elevates the organization's capability and confidence to sustain competition in a dynamic market and, above all, builds trust and value for its customers.