(broken link removed)
Ref.: 976
27 October 2005
State-of-the-art information security management systems with new ISO/IEC 27001:2005 standard
Information security flaws can result in escalating financial losses and wreak havoc with business operations. The newly published ISO/IEC 27001:2005 standard for information security management systems can help organizations plug existing leaks and prevent future threats.
"The publication of ISO/IEC 27001:2005 is a big event in the world of information security and the standard has been eagerly awaited," said Ted Humphreys, Convenor of the working group responsible for managing the development of the standard. "It is a standard that all security-conscious organizations should look to implement."
ISO/IEC 27001:2005 can be used by a broad range of organizations – small, medium and large – in most of the commercial and industrial market sectors: finance and insurance, telecommunications, utilities, retail and manufacturing sectors, various service industries, transportation sector, governments and many others.
The implementation of ISO/IEC 27001:2005 will reassure customers and suppliers that information security is taken seriously within the organizations they deal with because they have in place state-of-the-art processes to deal with information security threats and issues.
Information is an asset, which, like other important business assets, adds value to an organization and consequently needs to be protected. Information security protects information from a wide range of threats in order to ensure business continuity, minimize business damage and maximize return on investments and business opportunities. An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems.
ISO /IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements, specifies the processes to enable a business to establish, implement, review and monitor, manage and maintain an effective ISMS.
ISO/IEC 27001:2005 integrates the process-based approach of ISO's management system standards – ISO 9001:2000 and ISO 14001:2004 – including the Plan-Do-Check-Act (PDCA) cycle and requirement for continual improvement.
The new standard forms a complementary pair with the recently published ISO/IEC 17799:2005 "code of practice" on information security management.
Organizations that so wish can have their information security management systems independently certified as conforming to the requirements of ISO/IEC 27001:2005, although certification is not a requirement of the standard.
Up to now, organizations that wished to have their ISMS certified have done so in conformity with the British Standard BS 7799 Part 2. This is now possible against ISO/IEC 27001:2005, which is an International Standard.
ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements, costs 124 Swiss francs and is available from ISO national member institutes (see the (broken link removed)) and from the ISO Central Secretariat (see below). It was developed by ISO/IEC Joint Technical Committee JTC 1, Information technology, Subcommittee SC 27, Security techniques, Working Group WG 1, Requirements, security services and guidelines.
ISO Store: to order (broken link removed)
and
ISO/IEC 17799:2005 Information technology – Security techniques – Code of practice for information security management
Press contact:
Ms. Elizabeth Gasiorowski-Denis
Journalist and Editor, ISO Focus
Public Relations
Tel. +41 22 749 01 11
Fax +41 22 733 34 30
E-mail gasiorowski@iso.org
For more information:
Convenor of ISO/IEC JTC 1/SC 27/WG 1:
Mr. Ted Humphreys
Tel. +44 1473 626 615
E-mail tedxisecltd@aol.com
Enquiries about orders:
Ms. Sonia Rosas Friot
Marketing Services
Tel. +41 22 749 03 36
Fax +41 22 749 09 47
E-mail sales@iso.org
Ref.: 976
27 October 2005
State-of-the-art information security management systems with new ISO/IEC 27001:2005 standard
Information security flaws can result in escalating financial losses and wreak havoc with business operations. The newly published ISO/IEC 27001:2005 standard for information security management systems can help organizations plug existing leaks and prevent future threats.
"The publication of ISO/IEC 27001:2005 is a big event in the world of information security and the standard has been eagerly awaited," said Ted Humphreys, Convenor of the working group responsible for managing the development of the standard. "It is a standard that all security-conscious organizations should look to implement."
ISO/IEC 27001:2005 can be used by a broad range of organizations – small, medium and large – in most of the commercial and industrial market sectors: finance and insurance, telecommunications, utilities, retail and manufacturing sectors, various service industries, transportation sector, governments and many others.
The implementation of ISO/IEC 27001:2005 will reassure customers and suppliers that information security is taken seriously within the organizations they deal with because they have in place state-of-the-art processes to deal with information security threats and issues.
Information is an asset, which, like other important business assets, adds value to an organization and consequently needs to be protected. Information security protects information from a wide range of threats in order to ensure business continuity, minimize business damage and maximize return on investments and business opportunities. An Information Security Management System (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems.
ISO /IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements, specifies the processes to enable a business to establish, implement, review and monitor, manage and maintain an effective ISMS.
ISO/IEC 27001:2005 integrates the process-based approach of ISO's management system standards – ISO 9001:2000 and ISO 14001:2004 – including the Plan-Do-Check-Act (PDCA) cycle and requirement for continual improvement.
The new standard forms a complementary pair with the recently published ISO/IEC 17799:2005 "code of practice" on information security management.
Organizations that so wish can have their information security management systems independently certified as conforming to the requirements of ISO/IEC 27001:2005, although certification is not a requirement of the standard.
Up to now, organizations that wished to have their ISMS certified have done so in conformity with the British Standard BS 7799 Part 2. This is now possible against ISO/IEC 27001:2005, which is an International Standard.
ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements, costs 124 Swiss francs and is available from ISO national member institutes (see the (broken link removed)) and from the ISO Central Secretariat (see below). It was developed by ISO/IEC Joint Technical Committee JTC 1, Information technology, Subcommittee SC 27, Security techniques, Working Group WG 1, Requirements, security services and guidelines.
ISO Store: to order (broken link removed)
and
ISO/IEC 17799:2005 Information technology – Security techniques – Code of practice for information security management
Press contact:
Ms. Elizabeth Gasiorowski-Denis
Journalist and Editor, ISO Focus
Public Relations
Tel. +41 22 749 01 11
Fax +41 22 733 34 30
E-mail gasiorowski@iso.org
For more information:
Convenor of ISO/IEC JTC 1/SC 27/WG 1:
Mr. Ted Humphreys
Tel. +44 1473 626 615
E-mail tedxisecltd@aol.com
Enquiries about orders:
Ms. Sonia Rosas Friot
Marketing Services
Tel. +41 22 749 03 36
Fax +41 22 749 09 47
E-mail sales@iso.org
) as a lot of folks seem to be struggling with the different numbers.