Information
Confidentiality
Integrity
Availability
Information is an Asset
[Figure: information as an asset surrounded by threats; legible labels include Asset, Threat, Theft, Data and System Failures]
Information Security
protects assets from a wide range of threats
in order to ensure business continuity,
minimize business damage and maximize
ROI and business opportunities
Why do you need a management code of
practice and a standard?
PDCA cycle
Dr Edwards Deming
ISO 27001 is NOT
• about IT Controls
• on how to implement the stated controls
• on total enterprise Risk management
• about reacting to information security incidents or failures
• about aimlessly introducing security controls even if they are
‘best practices’
Challenges in implementing ISO 27001
Reference : http://www.iso27001certificates.com/
BS 25999 is on Business Continuity Management
BS 25999
• BS 25999 Part 1 – code of practice (released in December last year); Part 2 – BCM specification, released on November 20th 2007
• Specifies best practice, not general practice