Expert Advice Community

ISO 27001 and information security governance

Guest user Created:   Jul 21, 2017 Last commented:   Oct 03, 2020

Hello, I want to ask: do you think ISO 27001 can be used for information security governance? I'm also studying for the CISM exam and reading many books about governance, and to me 27001 contains nearly all elements of governance: the IS strategy, outcomes, risk management, laws & regulatory compliance, resource optimization, value delivery, needs of interested parties, etc. Also, the PDCA cycle is perfect for IS governance.

Expert
Rhand Leal Jul 21, 2017

Answer: Yes, ISO 27001 can be used to help implement information security governance. But you should note that ISO 27001 provides requirements (what should be done), not implementation guidelines (how to do things), so you should complement it with other frameworks and best practices, like COBIT and ITIL.

Additionally, you also should consider ISO 27014, which provides guidance on concepts and principles for the governance of information security (https://www.iso.org/standard/43754.html).

These articles will provide you with further explanation about information security governance:
- Should information security focus on asset protection, compliance, or corporate governance? https://advisera.com/27001academy/blog/2017/03/13/information-security-focus-asset-protection-compliance-corporate-governance/
- How to integrate COSO, COBIT, and ISO 27001 frameworks https://advisera.com/27001academy/blog/2016/10/10/how-to-integrate-coso-cobit-and-iso-27001-frameworks/

Guest
Yaz Oct 03, 2020

The article links on this post helped me. Thanks Rhand Leal
