ISO/IEC 27001:2013 is the international standard that describes best practice for an information security management system (ISMS). An ISMS is a system of processes, documents, technology and people that helps to manage, monitor, audit and improve your organisation’s information security.
Achieving ISO 27001 certification verifies that your company’s information security is managed in line with international best practice.
Certification to ISO 27001 can bring organisations a host of benefits, including:
- Safeguarding their valuable data and intellectual property;
- Winning new business and retaining their existing customer base;
- Avoiding the financial penalties and losses associated with data breaches;
- Complying with business, legal, contractual and regulatory requirements; and
- Improving their processes.
ISO 27001 is not the complicated standard it is made out to be
Brian Honan, author of June’s book of the month, ISO27001 in a Windows® Environment, told us that it “really struck him how complicated people seemed to think ISO 27001 was”. He added that they also thought ISO 27001 would “require thousands of mandates, lots of money to invest in IT equipment and systems, and would take forever to get implemented”.
You can listen to the full podcast here.
ISO 27001 can be implemented on your current Windows system
Many of the technical controls in ISO 27001 can be addressed with Windows’ built-in functionality and tools.
ISO27001 in a Windows® Environment gives essential guidance for everyone involved in a Windows-based ISO 27001 project.
- Details the various controls required under ISO 27001:2013, together with the relevant Microsoft products that can be used to implement them;
- Explains how to make the most of Windows security features; and
- Is ideal for bridging the knowledge gap between ISO 27001 and Windows security.