Introduction
Assessing information security risks is one element of a broader set of risk management activities. Other elements include establishing a central management focal point, implementing appropriate policies and related controls, promoting awareness, and monitoring and evaluating policy and control effectiveness.
Some Benefits of ISO 27001
Brings your company in compliance with legal, regulatory, and statutory requirements.
Increases vendor status of your organization.
Increase in overall organizational efficiency and operational performance.
Minimizes internal and external risks to business continuity.
ISO 27001 certification is recognized on a worldwide basis.
Significantly limits security and privacy breaches.
Reduces operational risk while threats are assed and vulnerabilities are mitigated.
What can be tested?
Information
Intangibles such as IP, brand, reputation
People such as employees, temporary staff, etc
Hardware such as servers, workstations, network devices, etc
Purchased or in-house softwares
Services - the actual services provided to end users
