ISO/IEC 27001:2013 is more commonly known simply as “ISO 27001”.
The basics of ISO 27001
Security is an inherent consideration in the way businesses work. ISO 27001 provides a framework for implementing an Information Security Management System (ISMS) that encompasses the policies, procedures and standards that set out how you run your company.
Step one is compliance with the mandatory clauses, four to ten. The key components are:
Leadership: This requires complete buy-in from senior management.
Risk: This is the core of ISO 27001 and encompasses security risk assessment, analysis and treatment.
Engagement: This covers engagement with everyone responsible for implementing security, promoting awareness, providing training where appropriate, and clearly communicating security issues, together with documenting processes, procedures and standards.
Operation: The ongoing activity of assessing and reassessing risks on a regular basis.
Evaluation: Internal audits and management reviews.
Improvement: Proactive improvement to face the ever-changing cyber security threat landscape.
“There are risks and costs to a program of action—but they are far less than the long range cost of comfortable inaction.”
- John F. Kennedy