Relation between ISO 27001 and the IS strategy
I hope to know the relation between ISO 27k and the IS strategy: is it part of it, or is it considered a tactical process?
Please note that the standard itself states in its introduction that adopting an information security management system (ISMS) is a strategic decision for an organization.
Considering that, using ISO 27001 to implement an ISMS can be seen as an unfolding of the Information Security (IS) strategy, i.e., as a tactical element (because an ISMS can be implemented using other frameworks like NIST Cyber Security Framework - CSF).
These articles will provide you with further explanation about ISO 27001 application:
- Should information security focus on asset protection, compliance, or corporate governance? https://advisera.com/27001academy/blog/2017/03/13/information-security-focus-asset-protection-compliance-corporate-governance/
- Aligning information security with the strategic direction of a company according to ISO 27001 https://advisera.com/27001academy/blog/2017/02/20/strategic-direction-of-a-company-according-to-iso-27001/
These materials will also help you regarding ISO 27001:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
Mar 25, 2021