Expert Advice Community

ISO 27001 and NIST

Guest user. Created: Jun 09, 2018. Last commented: Jun 09, 2018

I am about to join a company as the IT security person. Thus, I would like to implement the NIST framework inside the company, but I am not sure how much your solution (ISO 27001 Documentation Toolkit) can help me do so. I don't have experience in implementing either one, NIST or ISO 27001.

Expert: Rhand Leal, Jun 09, 2018

Answer: First, let's understand both NIST and ISO 27001:
- The NIST SP 800 series of documents provides detailed information about processes to select and implement controls for computer security.
- ISO 27001 provides general requirements for the implementation, operation, control and improvement of a management system to protect information, regardless of the environment where it is (e.g., physical reports or digital databases). ISO 27001 provides protection through the selection of security controls described in its Annex A, as well as other controls that can be added by the organization.

The ISO 27001 Documentation Toolkit has templates that are organized and can be used to implement both the management requirements of the ISO 27001 standard and the most commonly used information security controls from ISO 27001 Annex A, some of them IT related, which can be linked to NIST SP 800 documents.

Considering that, you can use the ISO 27001 Documentation Toolkit to implement the overall approach to protecting information, and after identifying the controls that can be related to NIST documents, you can use the NIST documents to implement the details of each control. For example, you can use information from the SP 800-53 control for contingency plan testing to implement the Disaster Recovery Plan template.

These articles will provide you with further explanation about ISO 27001 and NIST:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/