Security concepts
Assign topic to the user
ISO 27001 IT SECURITY POLICY
Define the detailed security rules for everyone in the company.
Get it now 
ISO 27001 IT SECURITY POLICY
Define the detailed security rules for everyone in the company.
Get it now
ISO 27001 IT SECURITY POLICY
Define the detailed security rules for everyone in the company.
Get it now
I’m considering that when you mention “security concepts”, and the listed standards, you mean “information security” concepts.
Considering that, the three standards can be useful to you because together they cover concepts for both governance and management of information security:
- ISO 27000 covers the general concepts about information security
- ISO 27001 presents concepts related to information security management, i.e., how to identify and treat information security risks, and this standard requires the engagement of management
- ISO 27014 covers concepts of Information Security Governance, i.e., on how to evaluate, direct, monitor, and communicate the information security-related activities within the organization
You can also check this doctoral thesis from Dejan Kosutic that describes a holistic approach to cybersecurity management through a socio-technical system that balances strategic, organizational, risk & technology, and people aspects: https://www.researchgate.net/publication/357826918_The_Impact_of_Cybersecurity_on_Competitive_Advantage
For further information, see:
- Should information security focus on asset protection, compliance, or corporate governance? https://advisera.com/27001academy/blog/2017/03/13/information-security-focus-asset-protection-compliance-corporate-governance/
- Integration of Information Security, IT and Corporate Governance https://info.advisera.com/27001academy/free-download/integration-of-information-security-it-and-corporate-governance
Comment as guest or Sign in
Feb 08, 2022