27 August 2009
BSI, the UK’s leading standards and assessment body, has published a new standard which complements the internationally recognized and certifiable information security standard, BS ISO/IEC 27001, and offers support for organizations interested in protecting their information assets.
BS ISO/IEC 27000:2009 provides an introduction to information security management systems (ISMS), an overview of existing standards, and the terms and definitions used in the ISMS family of standards. Developed by the International Organization for Standardization with input from BSI in the UK, the standard also provides a description of the Plan-Do-Check-Act process, used in the implementation of all management system standards.
By using information security standards, an organization can develop and implement a framework for managing the security of its information assets, thereby treating and handling risks effectively. An ISMS provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving the protection of information assets. Public and private sector organizations can implement an ISMS to apply consistent and mutually recognizable information security principles. Types of information can include financial information, intellectual property, and employee details.
Mike Low, Director, Standards, BSI, said, “All information held and processed by an organization is subject to threats of attack and natural incidents. Over the past few years information security has become a boardroom issue and there are now numerous standards available to help organizations implement a framework for managing security of their information assets. ISO 27000 puts the existing family of international information security standards in context and provides an overview of this important area.”
Visit the BSI Shop for more information or to buy the BS ISO/IEC 27000:2009 standard.
- ENDS -