
Information security management system
Security is not a product, but a process. If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology. (Bruce Schneier)
Many organizations have established a number of methods for monitoring and ensuring information security. However, in the absence of a management system, these control methods are not correlated; most often they serve to solve specific problems or are a mere convention. Usually, control is implemented with an emphasis on the IT part, ignoring information on paper or proprietary knowledge.
ISO/IEC 27001 is the only standard that defines requirements for an information security management system that enables and optimizes the selection of appropriate control measures. This enables the protection of all data and information, which helps increase the confidence of collaborators and stakeholders.
ISO/IEC 27001
Ensures security assessment and risk management practices related to the security or confidentiality of the data and information the organization holds;
Sustains the idea that security becomes an integral part of the business;
Sustains the knowledge and monitoring of IT-related risks;
Sustains a high level of employee awareness of the need for security measures;
Ensures cost-effective and consistent information security practices.
A certified information security management system demonstrates the organization's commitment and capability to control all information and data the organization holds.