White Papers for Gramm Leach Bliley Act (GLBA)
Effective Security with a Continuous Approach to ISO 27001 Compliance
The ISO 27001 standard was published in October 2005 as a replacement for the BS 7799-2 standard. It is primarily referred to as the Information Security Management System (ISMS) certification standard.
Organizations that seek to implement an ISMS are examined against ISO 27001. The objective of this standard is to As with several global standards, the scope of this standard is far reaching, with several sets of control objectives and guidelines. Its fundamental purpose is to act as a compendium of techniques for securing IT environments and thus effectively managing business risk as well as demonstrating regulatory compliance.

ISO 27001 is recognized internationally as a structured methodology for information security. A widely held opinion is that ISO 27001 is an umbrella over other standards (such as PCI, SOX, GLBA, HIPAA and COBIT). Companies that choose to adopt ISO 27001 demonstrate their commitment to high levels of information security, as there are 11 major controls in the standard that comprise information security best practices.

ISO 27001 does not, however, mandate specific procedures or define the implementation techniques for gaining certification. Thus, companies being audited for ISO 27001 compliance deal with the same issues that plague companies facing regulatory audits: how to effectively achieve compliance and, following an audit, cost-effectively maintain it.