Implementation of an ISMS includes:
- Establishing the management framework
- Risk analysis (identifying assets, threats and vulnerabilities, and assessing the resulting risk)
- Implementation of the selected control measures
- Application of appropriate control documentation (policies, procedures, statement of applicability)
- Keeping records as evidence of compliance
ISO 27001 consists of 36 security objectives and 127 security control measures divided into 10 domains, each with its own control objective:
- Security policy
  - Providing management direction and support for information security
- Organizational security
  - Enabling information security to be managed within the organization
- Asset classification and control
  - Maintaining an inventory of information assets and ensuring they receive appropriate protection
- Personnel security
  - Reducing the risk of human error, theft, fraud and misuse of assets to an acceptable level
- Physical and environmental security
  - Preventing destruction, deterioration and malfunction of assets and loss of data
- Communications and operations management
  - Ensuring the correct and secure operation of information processing facilities
- Access control
  - Controlling access to information
- Systems development and maintenance
  - Ensuring that security is built into information systems
- Business continuity management
  - Reducing the risk of business interruption to an acceptable level and protecting critical business processes from failures and disasters
- Compliance
  - Avoiding breaches of any law, statutory, regulatory or contractual obligation, and of any security requirement