Blog

ISO 27001:2013 is revised version of ISMS standard based on Enterprise Risk Assessment focused on understating of Organizational Internal and External Aspects to cater all types of risk.

A Road Map for Information Security management System:

•  Create Security Council
•  Define scope of ISMS
•  Define Security Policy
•  Risk Assessment
•  Identify Assets
•  Identify Threats and Vulnerabilities
•  Evaluate Probability and Impact
•  Calculate Risk Value
•  Risk Management
•  Identify Controls to manage the risks
•  Implement controls (processes)
•  Evaluate controls periodically
•  Improve