Week 3 Research Paper - ISO 27001 - Final
Anoop Parappully
Introduction
In this research paper, I will analyze the ISO framework, in particular ISO 27001, which safeguards organizational data methodically and cost-effectively. The following three topics are also investigated and explained in this paper. First, we investigate whether or not ISO 27001 would work well in my current or previous organization, and I analyze its significance as we perceive it in the organization. Second, we discuss alternative frameworks to ISO 27001 and explore whether these frameworks are more effective than ISO 27001. Finally, I disclose more
Do you think that the ISO 27001 standard would work well in the organization that you currently or previously have worked for? If you are currently using ISO 27001 as an ISMS
includes legal, physical, and technical controls. These are also part of risk management processes. The ISMS framework is introduced to reduce threats and guarantee enterprise continuity. This is possible only by proactively limiting the impact of a security violation. ISO 27001 is part of the ISMS as a specification. ISO 27001 is officially known as "ISO/IEC 27001:2005". ISO policies equipped our organization with actionable details to determine information security standards and commitments to enhance our data security strategy. It can be used as a guide
(CERTIFICATE)
As per the certification, “Applied Materials Inc has implemented an Information Security
Management System in accordance with ISO/IEC 27001:2013. This is for the scope of
Development, sales, manufacturing, services, and supporting processes to provide equipment and
software to the Semiconductor Systems, Display, and Adjacent Markets. The certificate is valid
from 2020-12-30 until 2022-11-14, Subject to the successful completion of annual periodic
audits.” (CERTIFICATE, p. 1)
organization. It is vital for the Information Security Management System (ISMS) because of the standards provided by ISO 27001. The main advantage of ISO 27001 is improving the ISMS and providing procedures to establish, operate, monitor, and maintain it. Across the board, ISO 27001
ISO 27001 can fulfill contractual requirements as it complies with laws and
regulations
also guarantees that enterprise security measures align with ISO 27001 standards. We are
1. SCOPE DETERMINATION: This is the phase where the compliance team tries to understand the business strategies. It is done by holding many discussions with decision-
2. GAP ANALYSIS: Security experts perform the gap analysis, which includes asset
map out the security infrastructure of the business processes that exist or are in demand. These experts draw up an action plan to close the gap wherever a deviation from the requirements is found.
compliance. There will be a scope with a list of safety and access controls,
communication channels, SOPs, etc., for each team involved. After this, an efficiency
4. INTERNAL AUDIT: In this step, security experts confirm whether the implemented rules and procedures are being followed within the organization. These audits review the level at which ISO 27001 has been enforced and its adoption in the organization. Hence it is also
implementer. The security experts then bring in the auditor for the accreditation process.
Are there other frameworks mentioned or discussed in the article that might be more effective?
Banking, IT, finance, and healthcare handle sensitive data. To demonstrate the point, a recent study by the Federation of Small Businesses (FSB) revealed that only 2% of partner enterprises are certified for Cyber Essentials or ISO 27001. Even more alarming, only 4% had a reported incident scenario. Most small companies don't have the capacity, resources, or expertise to address these issues.
to address these issues. It’s a management measure developed as a safety standard for
SMEs. IASME was formed in 2010 and is funded by the government in the UK.
protection and direction via executing a data protection standard. It’s a standard
Monitoring
Change management
Backup
Note: IASME is a considerably more cost-effective method. Complete certification to ISO 27001 can cost up to $50,000. By contrast, IASME certification generally costs only a few hundred dollars, up to $1,500.
framework. This framework is reliable for implementing the various security measures that the industry uses to address cyber security threats ("NIST big data interoperability framework: Volume 4, security and privacy, version 2," 2018). The security framework includes an initial review of the current state of the industry's data protection posture and the protection level of the machines across the network. The results of this review are then integrated with the various activities mandated by the industry's requirements and objectives (Lepofsky, 2014). Some of the immediate benefits of utilizing this framework include what is well aligned with the strategic decision-
with its policies and guidelines. NIST gives its users a way to identify and evaluate risks, so that they have a clear picture of how to respond to and reflect on incidents. The immediate advantages are defense against cyberattacks, malware, ransomware, and other cyber hazards. NIST and Cybersecurity Framework compliance can't offer a complete security guarantee. They are procedures and policies for creating a better plan. But the NIST resources are unmatched in one respect. Enterprises always
Does any other research you uncovered suggest there are better frameworks to use for addressing risks?
There are different frameworks associated with ISO 27001, for example Certified Identity Management Professionals (CIMP) and Certified Identity and Access Managers (CIAM). This most important discipline of the information security field supports the success of user identities and their access to enterprise resources (Montasari & Hill, 2019). Professionals use it to support and promote programs that let users access data conveniently through organizational mechanisms. The CIMP program was developed by professionals interested in solving organizational problems around project leadership responsibilities. It covers all the data in an organization. It even assists in mapping corporate objectives to IT objectives. It is also used to disseminate the maturity standards used to assess an organization's performance (Monev, 2020). One of the security frameworks is COBIT, or Control Objectives for Information and Related Technologies, which covers IT governance and risk management (Youn, Nam, & Jo, 2020). COBIT is fundamental in presenting a collection of best practices and rules around IT, which allows the corporation to grow significantly through IT decisions and mitigate potential risks. These days many organizations are pursuing digital transformation, and this is where COBIT 5 comes in. It assists organizations with digital
Employing technologies and techniques to the best of their knowledge and allowing businesses to succeed is the motto of digital transformation. Similarly, the introduction of COBIT has obtained many
Conclusion
To conclude this research paper, organizations ought to implement ISO 27001 for the smooth administration of other sectors. The benefit of ISO 27001 in any organization plays a critical part in its success. For example, it deters cyber-attacks and protects both customers' and suppliers' privacy. Furthermore, it improves the proper handling of contracts across diverse organizations. It globally proposes a methodical approach for the enjoyment and
means that the organization is compliant with ISO 27001 standards. The documentation of ISO 27001 supports the community and prevents data gaps, and it is an asset to the company's protection. The parts of the ISMS that correspond to ISO 27001 can be clearly identified. It is also used to protect the business from disruption by means of the ISMS strategy (Kobayashi et al., 2019).
References
LIFARS LLC, & Pires, A. (2021, July 9). Is IASME a viable alternative to ISO 27001 certification? https://www.lifars.com/2021/07/is-iasme-a-viable-alternative-to-iso-27001-certification/
Team, I. M. (2022, September 1). How does ISO 27001 improve organization's ISMS. Impelsys.
improve-organizations-isms/
https://www.appliedmaterials.com/us/en/corporate-responsibility/reports-and-policies/certifications.html
Joy, A. (2022, September 27). Understanding NIST compliance: Benefits & importance. compliance-its-benefits/
Horvath, I. (2022, October 14). Benefits of COBIT 5 that help achieve digital
https://www.invensislearning.com/blog/benefits-of-cobit-5/
Dutta, P. (2021, June 18). The importance of ISO standards in organizations. Kratikal Blogs. https://kratikal.com/blog/organizations-need-iso-27001/