#  >  > Networking, Hardware, Server Side Technologies >  >  > Networking and Hardware >  >  > Security >  >  What is ISO 27001 and why is it important?

## Shana

Recently I got to know about Information security management System(ISMS) and the importance of ISO 27001 in specifying an ISMS made me think what makes the ISO 27001 so important. Is there anyone who could clear that up for me?
Thank you. :Smile:

----------


## Neo

> Recently I got to know about Information security management System(ISMS) and the importance of ISO 27001 in specifying an ISMS made me think what makes the ISO 27001 so important. Is there anyone who could clear that up for me?
> Thank you.


Day to day in growing digital world we/organizations deal with plenty of information or transmit huge amount of information. We place certain known security measures to protect those information, but we might miss some important measures. ISMS or ISO 27001 is a Information security management framework which includes 10 Mandatory clauses and 114 controls. This framework covers 360 of information security which allows the organizations to secure their valuable data effectively. 

Why ISMS?


It helps manage information in all its forms, including digital, paper-based, intellectual property, company secrets, data on devices and in the Cloud, hard copies and personal information.It helps the company defend itself from technology-based risks and other, more common threats such as poorly informed staff or ineffective procedures.It reduces costs spent on indiscriminately adding layers of additional technology that might not work, due to the risk assessment and analysis approach.It constantly adapts to changes both in the environment and inside the organisation to reduce the threat of continually evolving risks.It makes sure that information security is entrenched in the business, improving the organisational culture and making processes efficient.It focuses on the integrity and availability of data as well as confidentiality. If the data is available but in a format that is not usable because of a system disruption, then the integrity of that data has been compromised; if the data is protected but inaccessible to those who need to use it as part of their job, then the availability of that data has been compromised.It protects the availability of information and critical business processes from the effects of major disasters to ensure their timely resumption.It enables businesses to be significantly more resilient to cyber attacks.Continual improvement, monitoring, internal audits and corrective actions make sure that the controls remain up to date and work properly.

----------


## Shana

> Day to day in growing digital world we/organizations deal with plenty of information or transmit huge amount of information. We place certain known security measures to protect those information, but we might miss some important measures. ISMS or ISO 27001 is a Information security management framework which includes 10 Mandatory clauses and 114 controls. This framework covers 360 of information security which allows the organizations to secure their valuable data effectively. 
> 
> Why ISMS?
> 
> 
> It helps manage information in all its forms, including digital, paper-based, intellectual property, company secrets, data on devices and in the Cloud, hard copies and personal information.It helps the company defend itself from technology-based risks and other, more common threats such as poorly informed staff or ineffective procedures.It reduces costs spent on indiscriminately adding layers of additional technology that might not work, due to the risk assessment and analysis approach.It constantly adapts to changes both in the environment and inside the organisation to reduce the threat of continually evolving risks.It makes sure that information security is entrenched in the business, improving the organisational culture and making processes efficient.It focuses on the integrity and availability of data as well as confidentiality. If the data is available but in a format that is not usable because of a system disruption, then the integrity of that data has been compromised; if the data is protected but inaccessible to those who need to use it as part of their job, then the availability of that data has been compromised.It protects the availability of information and critical business processes from the effects of major disasters to ensure their timely resumption.It enables businesses to be significantly more resilient to cyber attacks.Continual improvement, monitoring, internal audits and corrective actions make sure that the controls remain up to date and work properly.


Wow! That's a lot. Thank you Neo.

----------

