Implementing and Continously Improving an InfoSec Framework

October 22, 2016 Berny Gutierrez 0 Comment

An effective Information Security Framework:

Provides management with a clear picture of Information Security risks.
Accounts for the detection, containment and learning from security incidents.
Includes an independent assessment of the security posture of the organization.
Is a management system, which is much more than a set of controls.

ISO 27001 is a baseline reference for what it was created: An Information Security Management System. Beyond the requirements for specific controls mentioned in Annex A, ISO 27001 provides guidance on how to identify information security assests or what to protect, perform a security risk assessment, select controls using a risk-based approach and monitoring the effectiveness of controls. For more information see ISO 27001 a blueprint for success.

The World Needs Better Information Security →

Leave a Reply Cancel reply