ISO 27001: ISMS
I have implemented an ISO 27001 ISMS in an insurance company. Now they want to know whether they need any other cyber security framework to protect them from cyber threats, or whether the ISO 27001 ISMS framework is sufficient for them.
ISO 27001 provides a comprehensive approach for information security and Cyber Security, so an additional framework would be necessary only if:
- there are legal requirements (e.g., laws, regulations, or contracts) demanding the implementation of another framework
- there are needed controls that are not covered, or not properly covered, by controls in Annex A (e.g., NIST SP 800-53 publication also provides one family of 16 controls for the management of information security programs)
In case you do not have the above-mentioned situations, ISO 27001 is sufficient to cover cybersecurity.
These articles will provide you with further explanation about NIST and cybersecurity:
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/
- ISO 27001 vs. Cyber Essentials: Similarities and differences https://advisera.com/27001academy/blog/2017/09/11/iso-27001-vs-cyber-essentials-similarities-and-differences/
- ISO 27001 vs. ISO 27032 cybersecurity standard https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/
Jun 09, 2020