ISO 27001 – Information Technology Security Management

Many organizations take information security measures or controls to protect their information, information assets and business processes.

However, without a formally specified information security management system (ISMS), these controls are inclined towards disorganization and disconnection, since they are mostly implemented as ad hoc temporary solutions to certain situations.

In this white paper, PECB will discuss the main points of ISO 27001, including:

• Context of the Organization (Clause 4),

• Leadership (Clause 5),

• Planning (Clause 6),

• Support (Clause 7),

• Operation (Clause 8),

• Performance Evaluation (Clause 9)

• Links with other standards and guidelines.

Author

PECB

PECB is a certification body for persons, management systems, and products on a wide range of international standards. As a global provider of training, examination, audit, and certification services, PECB offers its expertise on multiple fields, including but not limited to Information Security, IT, Business Continuity, Service Management, Quality Management Systems, Risk & Management, Health, Safety, and Environment.