
Protect Your Company's Cyber Security With ISO 27001

Why Does Information Security Matter the Most?

The rise of cyber-attacks and data privacy concerns has led companies to mitigate the risk by implementing an Information Security Management System (ISMS), and ISO 27001 is the international standard that describes best practice for an ISMS. ISO/IEC 27001 provides a robust framework to protect information that can be adapted to all types and sizes of organization.

Appropriate Controls to Tackle Information Security Risks

There are several controls that companies can use to handle information security risks, divided into fourteen categories: information security policies, organization of information security, human resources security, asset management, access control, cryptography, physical and environmental security, operations security, communications security, system acquisition, development and maintenance, supplier relationships, information security incident management, information security aspects of business continuity management, and compliance.

Dig Deeper into the Fourteen Control Sets

Information security policies aim to provide management direction and support for information security. Organization of information security establishes information security roles and responsibilities within the organization. Human resource security covers the period prior to employment, awareness of information security during employment, and termination and change of employment.

Asset management covers responsibility for assets, information classification and media handling. Access control covers the business requirements of access control, user management, user responsibilities, and system and application access control. Cryptography aims to ensure the proper and effective use of cryptography to protect the confidentiality, authenticity and/or integrity of information.

Physical and environmental security ensures secure physical and environmental areas and equipment. Operations security ensures the correct and secure operation of information processing facilities. Communications security covers network security management and information transfer. System acquisition, development and maintenance ensures that security requirements are defined and that security is built into development and support processes.

Supplier relationships covers information security in supplier relationships and supplier service development management. Information security incident management ensures a consistent and effective approach to incidents, events, and weaknesses. Information security aspects shall be embedded in the organization's business continuity management system. Compliance covers compliance with legal and contractual requirements.

Benefits of Implementing ISO/IEC 27001

ISO 27001 provides a strong framework to protect information, with significant benefits in three areas. Firstly, commercial: having an ISO 27001 certified ISMS is a key requirement for sustaining and increasing. Secondly, operational: the holistic approach of ISO 27001 supports the development of an internal culture that is alert to information security risks and has a consistent approach to dealing with them. Lastly, peace of mind: complying with ISO 27001 can enhance an organization's image and give confidence to its customers.

Conclusion

ISO/IEC 27001 provides a robust framework, with several controls divided into fourteen categories, to protect information; it can be adapted to all types and sizes of organization and, if implemented effectively, provides benefits in three areas: commercial, operational, and peace of mind.


