ISO 2700x Enterprise Information Security Standards
ISO 2700x Security Standards for Your Company
- The ISO 2700x series is the control and certification framework for information security in the enterprise. Companies need to seek this certification to obtain quality and compliance in their Information Technology / Information Systems departments.
- ISO 17799 has been renamed to ISO 27001. This renaming was initiated and processed by ISO. These information security standards now fall under a common naming structure known as the ‘ISO 27000 series’.
- ISO 27002 gives some guidance and provides a section covering these items:
- Intellectual Property Rights
- Safeguarding of organizational records
- Data protection and privacy
- Information security policy
- Allocation of information security responsibilities
- Information security education and training
- Reporting security incidents such as breaches
- Business continuity management (Disaster Recovery and Planning)
The Certification Process
There are several organizations accredited to grant certification against ISO 27001.
ISO 27001 is designed to work alongside ISO 9000 and ISO 14000.
The standard was originally developed by a BSI/DISC committee that included representatives from a wide section of industry and commerce. It was subsequently reviewed by an ISO (International Standards Organization) committee and ultimately emerged through the ISO publication process.
BS 7799-2, the original specification for an information security management system, became ISO 27001 during the fourth quarter of 2005.
The Certification Process
- A company decides to implement ISO 27001.
- The company assigns a management committee.
- The committee creates an Information Security Policy and delivers the policy documentation.
- The committee defines the ISMS and delivers the ISMS scope documentation.
- Identify the main threats, risks, vulnerabilities and impacts: perform a risk assessment for the scope of the ISMS, producing the RA documentation.
- Decide the company approach to risk management: the committee decides how to handle RM, and accountability and responsibilities are agreed and documented.
- Using the controls and guidance from 17799 (plus other controls), select objectives and controls and prepare the SoA (Statement of Applicability).
- Implement the selected controls.
- Apply for certification, correcting findings as needed until certified.
Standards of this type should be adopted by all companies to ensure that information security controls are in place and maintained on an ongoing basis.