Implementing and Continuously Improving an InfoSec Framework

An effective Information Security Framework:

  • Provides management with a clear picture of Information Security risks.
  • Accounts for the detection of, containment of, and learning from security incidents.
  • Includes an independent assessment of the security posture of the organization.
  • Is a management system, which is much more than a set of controls.

ISO 27001 is a baseline reference for what it was created for: an Information Security Management System. Beyond the requirements for the specific controls listed in Annex A, ISO 27001 provides guidance on how to identify information security assets (what to protect), perform a security risk assessment, select controls using a risk-based approach, and monitor the effectiveness of those controls. For more information see ISO 27001 a blueprint for success.
