New ISO/IEC 27002 2nd Edition guides Information Security Practices

You have a web presence, you hold sensitive information about your customers and your business on your computer systems, and you need an information security management system that keeps that data protected.  The ISO/IEC 27000 series of standards was developed to support your efforts to implement an effective Information Security Management System (ISMS).  And now the new ISO/IEC 27002 2nd Edition (ISO/IEC 27002:2013) has just been released.  Titled “Information technology – Security techniques – Code of practice for information security controls,” this standard is the guidance document for any organization wishing to select and implement commonly accepted information security controls. 

How do you determine what your security controls must achieve?  The standard identifies three sources of security requirements.  The first is a risk assessment: identifying the threats to your information assets, the vulnerabilities those threats could exploit, how likely they are to occur, and the potential impact on the business.  The second is the legal, statutory, regulatory and contractual requirements that apply in the jurisdictions and markets where you operate.  The third is the organization's own principles, objectives and business requirements for handling, processing, storing and communicating information, which shape its security decisions overall.

Once you understand what you’re up against, you use ISO/IEC 27002 to select and implement the controls that fit your organization.  It covers the complete range of issues to consider, from human resource security (you may have heard of this one lately!) to cryptographic controls to physical and environmental security.

For each of these areas, the standard states a control objective and lists the controls that support it.  Each control is given as a one-sentence control statement, followed by implementation guidance and, where relevant, other information to support implementation.  The authoring committee, ISO/IEC JTC 1 (working through its subcommittee SC 27), organizes the 2013 edition into 14 control clauses, which together contain 35 security categories and 114 controls for an organization to consider when developing its ISMS.

Information has a lifecycle, from collection through storage and use to destruction.  No entity can ignore the value of the information it generates in the course of its activities.  The ISO/IEC 27000 series provides the structural basis for confirming that you are aligned with current best practices.  Face it, developments in technology mean that management is constantly challenged to protect an essential asset of the organization.  The new and revised controls in the new ISO/IEC 27002 can help you meet regulatory and customer expectations.

And if you’re certified to the ISO/IEC 27000 scheme, you need to know about the new ISO/IEC 27001 2013 revision.  Today’s companion blog ISO/IEC 27001 – How to set up your Information Security System covers the update.  This requirements document is the one you use for certification, so the changes will impact your business!

For your copy of this new standard, use Document Center’s webstore, www.document-center.com.  You can purchase the new update in both paper format and as a pdf download.  Or you can contact us by phone (650-591-7600), fax (650-591-7617) or email (info@document-center.com).  We’ve been an authorized dealer of the ISO and IEC standards since the 1980s.  We have all current editions and many obsolete ones as well.  Our knowledgeable sales staff will be happy to assist you with any questions or comments you may have.  Make us your Standards Experts!

Published by

Claudia Bach

Claudia Bach is the President of Document Center Inc. and a world-wide recognized expert on Standards and Standards Distribution. You can connect with her on Google+
