I have trouble relating to human resources before implementing ISO 27001. People in my company have different levels of understanding of ISO 27001 security. So how do we implement any tech with the right expectations?
Answer:
It is not necessary for everyone in the ISMS to have expert knowledge of ISO 27001 or of technology, so it is important to train everyone in the basic terms of information security. To do this, I recommend that you see our free resources, for example the Why ISO 27001 Awareness presentation here (you can also use the presentation to train your staff): https://advisera.com/27001academy/free-downloads/
As for the technology, you need people in your company to implement certain security controls that are directly related to technology, but basic knowledge is enough (for example, knowledge about backups, access control, firewalls, anti-virus, etc.). This article about firewalls may be interesting for you: How to use firewalls in ISO 27001 and ISO 27002 implementation: https://advisera.com/27001academy/blog/2015/05/25/how-to-use-firewalls-in-iso-27001-and-iso-27002-implementation/
Finally, this page about what ISO 27001 is may also be interesting for you: https://advisera.com/27001academy/what-is-iso-27001/
This article may also be interesting for you: "4 reasons why ISO 27001 is useful for techies": https://advisera.com/27001academy/blog/2012/10/22/4-reasons-why-iso-27001-is-useful-for-techies/
Jan 12, 2016