Article | REF: G9062 V2

ISO 27001: Information Security Management Systems

Author: Gilles TENEAU

Publication date: April 10, 2018

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

Overview

Français

ABSTRACT

This article explains and clarifies the ISO 27001 standard on the management of information security. This standard considers this issue from an organizational and managerial angle, with a view to its effectiveness and efficiency. The purpose of the standard being certification, it ensures a virtuous circle of continuous improvement in the security of information systems in order to strengthen the confidence of all the stakeholders involved (customers, investors, etc.). This article also includes commentaries, examples and generic case studies to inform readers on how the standard is implemented.

Read this article from a comprehensive knowledge base, updated and supplemented with articles reviewed by scientific committees.

Read the article

AUTHOR

Gilles TENEAU: Doctorate in management science, associate researcher at LEMNA (University of Nantes), professor at CNAM IDF and ESC Amiens, President of the research center for organizational resilience, ITIL Accredited Trainer.

INTRODUCTION

Today, more than ever, information and its management and security are management issues in their own right. As Jérôme Denis puts it , information technology and its security involve a paradox which consists in an unprecedented development of efficiency, but also of the technical fragility of organizations. Communication technologies and information systems are both an opportunity to increase the circulation of information within a company as a source of competitive advantage, but they can also make it vulnerable to certain threats. Management practices must now evolve to incorporate into corporate governance a concern for securing corporate information, which constitutes an (intangible) asset in its own right. . The latter are a management challenge, as they imply risks and a regime of permanent fragility for the company, which can impact on the quality of goods and services supplied (particularly in terms of delivery times and the reliability of information provided). In an interconnected world, information and related processes, systems and networks are critical organizational assets. Organizations and their information systems and networks face security threats from multiple sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire and flood. Damage to information systems and networks by malware, hacking and saturation attacks is becoming more common, more ambitious and increasingly sophisticated.

Faced with this situation, the ISO/IEC 27001 :2013 "Safety techniques – Systèmes de gestion de la sécurité de l'information" is designed to meet this management challenge by considering information security as a cross-functional project. While the objective of the standard is to move towards certification, its aim is to enrich practices and establish active management of information systems security. This iterative process is designed to integrate the organization's various stakeholders, both from a hierarchical perspective (Top Down-Bottom Up) and from a cross-functional point of view, in line with the organization's processes.

The standard ISO/IEC 27001 :2013 is based on the ISO 27000 series of standards. This standard describes the...

You do not have access to this resource.

Exclusive to subscribers. 97% yet to be discovered!

You do not have access to this resource.
Click here to request your free trial access!

Already subscribed? Log in!

The Ultimate Scientific and Technical Reference

A Comprehensive Knowledge Base, with over 1,200 authors and 100 scientific advisors

+ More than 10,000 articles and 1,000 how-to sheets, over 800 new or updated articles every year

From design to prototyping, right through to industrialization, the reference for securing the development of your industrial projects

CAN BE ALSO FOUND IN:

Home Environment - Safety Environment ISO 27001: Information Security Management Systems

This article is included in

Safety and risk management

This offer includes:

Knowledge Base

Updated and enriched with articles validated by our scientific committees

Services

A set of exclusive tools to complement the resources

Practical Path

Operational and didactic, to guarantee the acquisition of transversal skills

Doc & Quiz

Interactive articles with quizzes, for constructive reading

Subscribe now!

Ongoing reading
ISO 27001: Technique and management of information security

ISO 27001 and ISMS

Bibliography

(1) - BENNASAR (M.), CHAMPENOIS (A.), ARNOULD (P.) - Manager la sécurité du SI. - Dunod (2007).
(2) - BOILEAU (T.) - SO 27001, un Système de Management de la Sécurité de l'information : Exemple de mise en œuvre d'un SMSI et sa plate-forme logicielle...

Websites

Site dedicated to ISO 27001 :

http://www.27001-online.com/

Website dedicated to IT Governance:

http://www.itgovernance.eu/c-17-iso27001

Site dedicated to ISO 27001 certification (LSTI) :

Standards and norms

Lignes directrices pour l'audit des systèmes de management de la qualité et/ou de management environnemental. - ISO/IEC 19011 - 2012
Quality management systems – Requirements - ISO 9001 - 2015
Environmental management systems – Requirements and guidelines for use. - ISO 14001 - 2015
Conformity assessment – Requirements for bodies providing audit and certification of management systems – Part 1:...