
Tip of the Month - January 2008, Week 3

ISO 27001 & 27002

The two standards that most strongly influence information security initiatives worldwide are:

  • ISO/IEC 27001
  • ISO/IEC 27002

These are important security standards that should be referenced in any organization's information security strategy document. Let us take a closer look at each of them.

ISO/IEC 27001

ISO/IEC 27001 is entitled Information technology - Security techniques - Information security management systems - Requirements. The ISO/IEC 27001:2005 International Standard was developed to provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an Information Security Management System (ISMS). It is the standard against which an organization's ISMS is audited and certified; its Annex A lists the control objectives and controls that are drawn from ISO/IEC 27002. The adoption of an ISMS should be a strategic decision for an organization.

ISO/IEC 27002

ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It was published as ISO/IEC 17799:2005 and renumbered ISO/IEC 27002:2005 in July 2007 without any change to its content, bringing it into line with the other ISO/IEC 27000-series standards. It is entitled Information technology - Security techniques - Code of practice for information security management. The current standard is a revision of the version first published by ISO/IEC in 2000 (ISO/IEC 17799:2000), which was a word-for-word copy of the British Standard BS 7799-1:1999.

ISO/IEC 27002 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining an Information Security Management System (ISMS). Unlike ISO/IEC 27001, it is a code of practice rather than a certification standard: an organization is certified against ISO/IEC 27001, and uses ISO/IEC 27002 as guidance for implementing the controls it has selected.

ISO/IEC 27002:2005 consists of one introductory clause on risk assessment and treatment followed by 11 security control clauses (sections): Security Policy; Organizing Information Security; Asset Management; Human Resources Security; Physical and Environmental Security; Communications and Operations Management; Access Control; Information Systems Acquisition, Development and Maintenance; Information Security Incident Management; Business Continuity Management; and Compliance. The 11 security control clauses together contain 39 main security categories. Each main security category includes:

  • A Control Objective (what is to be achieved)
  • One or more Controls (that can be applied to achieve the control objective), each accompanied by implementation guidance

For more information visit www.aha-solutions.org, contact Lorna Waggoner at 1.877.899.9974 x17 or visit www.HIPAAAcademy.net


HIPAA Tip

COMPLIMENTARY 2-DAY CHP PROGRAM DELIVERED AT YOUR SITE

Get HIPAA certified at your site. For a complimentary 2-day Certified HIPAA Professional (CHP) program delivered at your site, please contact Lorna Waggoner at 1.877.899.9974 x17 or Lorna.Waggoner@ecfirst.com or visit www.HIPAAAcademy.net. Only qualified organizations will be considered. Session will be confirmed after review by the HIPAA Academy. Certain terms and conditions apply.

Last updated: January 9, 2008