skip to Main Content
This website use cookies which are necessary to its functioning and required to achieve the purposes illustrated in the privacy policy. To learn more or withdraw consent please click on Learn More. By continued use of this website you are consenting to our use of cookies.

GLOSSARY

ISO 27001

ISO 27001 is an international standard that dictates how companies design and implement an Information Security Management System. ISO 27001 was created by the U.S. Information Security Management Practices Act (ISMA) of 1994. Before this act, there was no set standard for managing information security in business information systems. The standard applies to information security management systems intended to be “white boxes” or tabular “boxes” where all the critical information is stored.

The information security white box concept is fundamental, but what makes it so important is that companies can implement the information security white box entirely without tampering with any of the physical information systems. Once implemented, all information needs to be implemented within the company’s information security infrastructure (ISI), and all the supporting hardware and software need to be compatible with the system design.

There are four primary objectives included in ISO 27001:

  • • Promote information security management and practice
  • • Improve communication and information exchange,
  • • Improve the quality and performance of information security systems,
  • • Provide guidelines for systems engineering and design.

With these objectives, ISO 27001 certification plays an important role in organizations. An organization needs to have security management systems in place and benchmark their systems against their peers. Large organizations often seek outside guidance when seeking ISO27001 certification.

Back To Top