Author: Brad Kelechava / Source: ANSI
Most organizations today have no choice but to maintain a digital presence, relying on services that, for the most part, enhance their activities through technology. However, these advantages also expose the organizations’ data to the risk of breach. Information security exists to address this risk. The ever-growing frequency and sophistication of cyberattacks fuels the need for an abundance of tech jobs, many of which involve efforts to oppose cybercrime. ISO’s approach to helping organizations limit their susceptibility to cyberattacks is an information security management system (ISMS), the base requirements for which are detailed in ISO/IEC 27001:2013 – Information technology – Security techniques – Information security management systems – Requirements.
The ISO/IEC 27000 series of standards has adopted the shared Annex SL format, which presents the non-prescriptive specifications of the documents in a manner that simplifies compliance for the user. As an ISO management system standard, the ISO/IEC 27000 series consists of several parts, with ISO/IEC 27001:2013 giving the core requirements and the other documents supplementing that information. One such document is ISO/IEC 27003:2017 – Information technology – Security techniques – Information security management systems – Guidance.
ISO/IEC 27003:2017 adds to the requirements covered in the ISO/IEC 27001:2013 standard, offering guidance on each requirement and…