ISO 27001 and information security governance
Answer: Yes, ISO 27001 can be used to help implement information security governance. But you should note that ISO 27001 provides requirements (what should be done), not implementation guidelines (how to do things), so you should complement it with other frameworks and best practices, like COBIT and ITIL.
Additionally, you also should consider ISO 27014, which provides guidance on concepts and principles for the governance of information security (https://www.iso.org/standard/43754.html).
These articles will provide you with further explanation about information security governance:
- Should information security focus on asset protection, compliance, or corporate governance? https://advisera.com/27001academy/blog/2017/03/13/information-security-focus-asset-protection-compliance-corporate-governance/
- How to integrate COSO, COBIT, and ISO 27001 frameworks https://advisera.com/27001academy/blog/2016/10/10/how-to-integrate-coso-cobit-and-iso-27001-frameworks/
Oct 02, 2020