CHAPTER 11: LEVERAGING ISO27001
The International Standard for best practice in information security management is ISO/IEC 27001. This standard provides a detailed specification for how an organisation should select information security controls, on the basis of a risk assessment, to counter threats to the confidentiality, integrity and availability of the organisation’s information assets.
The Standard is written to be technology neutral and sector agnostic; it is as applicable to large organisations as to small, and to the private sector, the public sector and the third, or voluntary, sector. Any organisation that complies with the Standard can have its management system audited by an accredited third party certification body and will then ...
Get Selling Information Security to the Board now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
