Guest
ISO 27001 and information security governance
Hello, I want to ask: do you think ISO 27001 can be used for information security governance? I'm also studying for the CISM exam, reading many books about governance, and to me 27001 contains nearly all elements of governance: the IS strategy, outcomes, risk management, laws & regulatory compliance, resource optimization, value delivery, needs of interested parties, etc. And also the PDCA cycle is perfect for IS governance.
Expert
Rhand Leal
Jul 21, 2017
Answer: Yes, ISO 27001 can be used to help implement information security governance. But you should note that ISO 27001 provides requirements (what should be done), not implementation guidelines (how to do things), so you should complement it with other frameworks and best practices, like COBIT and ITIL.
Additionally, you should also consider ISO 27014, which provides guidance on concepts and principles for the governance of information security (https://www.iso.org/standard/43754.html).
These articles will provide you with further explanation about information security governance:
- Should information security focus on asset protection, compliance, or corporate governance? https://advisera.com/27001academy/blog/2017/03/13/information-security-focus-asset-protection-compliance-corporate-governance/
- How to integrate COSO, COBIT, and ISO 27001 frameworks https://advisera.com/27001academy/blog/2016/10/10/how-to-integrate-coso-cobit-and-iso-27001-frameworks/