
ISO/IEC 27001

INFORMATION SECURITY
What is ISO 27001?
• ISO 27001 is an international standard for information security management systems (ISMS).
• It provides a framework for organizations to manage and protect their sensitive information, such as financial data, intellectual property, and customer information.
• Adhering to ISO 27001 standards can help organizations identify and mitigate potential security risks, improve their overall security posture, and demonstrate their commitment to protecting sensitive information to customers and stakeholders.
ISMS
• ISMS (Information Security Management System) is a management assurance mechanism for securing business information assets against potential security breaches.
• It relates to all types of information, whether paper-based or electronic.
• Secure information is information whose Confidentiality, Integrity and Availability are ensured.

CIA TRIAD
Confidentiality – Ensuring data security so that only authorized persons can access the data/asset.
Integrity – Keeping the data complete and trustworthy, and ensuring it has not been modified.
Availability – Ensuring that systems and data are available to individuals when they need them.
PDCA Model applied to ISMS Processes
• PLAN – Establish the ISMS
• DO – Implement & Operate the ISMS
• CHECK – Monitor & Review the ISMS
• ACT – Maintain & Improve the ISMS
The 14 Domains in ISO 27001:2013
ISO 27001 provides a comprehensive framework that helps organizations develop and maintain a secure ISMS.

1. Information Security Policy
2. Organization of Information Security
3. Risk Assessment and Treatment
4. Asset Management
5. Access Control
6. Cryptography
7. Physical Security
8. Operations Security
9. Communications Security
10. System Acquisition, Development and Maintenance
11. Supplier Relationships
12. Compliance with Legal Requirements and Industry Standards
13. Information Quality Management
14. Risk Monitoring and Review
ISO 27001:2022
The 14 control categories have been replaced by 4 new categories:
• Organizational controls
• People controls
• Physical controls
• Technological controls
Steps to get ISO 27001
Why ISO 27001?

• A framework that takes account of all legal and regulatory requirements.
• Gives the ability to demonstrate and independently assure the internal controls of a company.
• Proves senior management commitment to the security of business and customer information.
• Helps provide a competitive edge to the company.
• Reduces the amount of time and effort spent on internal compliance reviews or external audits.
• Makes it easier to obtain funding and resources for the information security team and its security objectives.
Thank You