Glossary: ISO 27001 security standard

ISO/IEC 27001 is an international standard, published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), that specifies the requirements for an Information Security Management System (ISMS). It brings together a set of best practices that help organizations manage their information security by addressing the people, processes, and technology that handle their information. The standard applies to organizations of any size or type and is both technology- and vendor-neutral.

ISO/IEC 27001 takes a risk-based approach to information security. It requires an organization to identify the information security risks relevant to its own context (the business it is in, the data it holds, and the parties it works with), to assess those risks, and to select and implement appropriate controls to treat them. The selected controls, and the reasons for including or excluding each one, are documented in a Statement of Applicability (SoA), which is one of the documents an auditor reviews during certification.

In the 2013 edition of the standard, Annex A lists 114 reference controls grouped into 14 categories (the 2022 revision restructured Annex A into 93 controls under four themes: organizational, people, physical, and technological). The standard does not require an organization to implement every control; controls are selected, or excluded with justification, based on the organization's risk assessment and specific needs. The 14 categories of the 2013 edition, in Annex A order, are:

  1. Information security policies
  2. Organization of information security (including assignment of responsibilities)
  3. Human resource security
  4. Asset management
  5. Access control
  6. Cryptography
  7. Physical and environmental security
  8. Operations security
  9. Communications security
  10. System acquisition, development, and maintenance
  11. Supplier relationships
  12. Information security incident management
  13. Information security aspects of business continuity management
  14. Compliance

In short, ISO 27001 is a widely recognized international security standard that helps an organization establish its security practices and demonstrate them to customers and partners. The full standard offers a broad catalogue of controls an organization can draw on to make its information security program comprehensive and effective.
