New ISO 27000:2016

The recently revised ISO 27000:2016, Information technology – Security techniques – Information security management systems – Overview and vocabulary, gives a comprehensive view of information security management systems (ISMS) and defines related terms and definitions.

All information held and processed by an organization is exposed to threats such as attack, error, and natural disaster, and to the vulnerabilities inherent in how it is stored, transmitted, and used. Information security is therefore at the heart of an organization’s activities and focuses on information that is considered a valuable “asset” requiring appropriate protection, for example against the loss of confidentiality, integrity, and availability.

The ISMS family of standards lets organizations develop and implement a robust framework for managing the security of their information assets, including financial data, intellectual property, employee details, and information otherwise entrusted to them by customers or third parties.

Protecting its information assets through defining, achieving, maintaining, and improving security levels is essential for an organization to meet its objectives and strengthen its legal compliance and image. The coordinated activities needed to direct the implementation of suitable controls and mitigate unacceptable information security risks are part of what is known as information security management.

ISO 27000 gives a high-level overview of the ISMS family of standards, how they support the implementation of requirements contained in ISO 27001, Information technology – Security techniques – Information security management systems – Requirements, and how they relate to each other.

The standard lays down the key factors of a successful implementation and the numerous benefits of using the ISMS family of standards. It explains how the individual standards in the ISO 27001 family fit together, clarifying each standard’s scope, role, function, and relationship to the others. In addition, ISO 27000 gathers in one place all the essential terminology used in the ISO 27001 family.

NOTE: If you are interested in having our 1.5 day “ISO 27001:2013 Requirements” course taught onsite at your facility, please contact Larry Whittington at larry@whittingtonassociates.com.