Deprecated: The each() function is deprecated. This message will be suppressed on further calls in /home/zhenxiangba/zhenxiangba.com/public_html/phproxy-improved-master/index.php on line 456
{"id":3639,"date":"2024-03-12T16:28:57","date_gmt":"2024-03-12T22:28:57","guid":{"rendered":"https:\/\/trustarc.com\/?post_type=regulations&p=3639"},"modified":"2024-03-21T12:48:43","modified_gmt":"2024-03-21T18:48:43","slug":"iso-iec-27001","status":"publish","type":"regulations","link":"https:\/\/trustarc.com\/regulations\/iso-iec-27001\/","title":{"rendered":"ISO\/IEC 27001 International Standard"},"content":{"rendered":"\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t\t\tStandard<\/span>\n\t\t\t\t\t\t\t\t\t\t

ISO\/IEC 27001 International Standard<\/h1>\n\t\t\t\t\t

ISO\/IEC 27001 sets out clear requirements for establishing, implementing, maintaining and continually improving an information security management system that is tailored to the needs of the organization.<\/p>\n\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t\t

\n\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t

Can I benefit from ISO\/IEC 27001?<\/h2>\n

The ISO\/IEC 27001 standard can be used by internal and external parties to assess your organization\u2019s ability to meet its own information security requirements. The requirements are generic and are intended to be applicable to all organizations, regardless of type, size or nature.<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t\t

\n\t\t\t
\n\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t

CIA Triad – three principles of information security<\/h3>\n

C<\/strong>onfidentiality – data is accessed only by authorized individuals<\/p>\n

I<\/strong>nformation integrity – data is reliably stored and protected<\/p>\n

A<\/strong>vailability of data – data is available when it is needed<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\n\n\t

\n\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t

Leadership and commitment<\/h4>\n

Senior leaders must draft and approve an Information Security Policy Statement that details the roles involved in the implementation, monitoring and maintenance of their Information Security Management System (ISMS), and demonstrates to internal and external parties their commitment to information security.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\t\t

Risk assessment and management<\/h4>\n

Organizations should establish measurable security objectives that are in line with the organization\u2019s strategic goals. Create a risk management plan that defines the procedures and processes the organization will follow to regularly assess and evaluate operational controls and mitigate risks.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/section>\n\t\n\n\t

\n\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t

Performance measurement evaluation<\/h4>\n

Organizations should design procedures to track the ongoing performance of the ISMS and monitor operational controls. Conduct internal audits and management reviews at regularly planned intervals.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t\t\t

\n\t\t\t\t\t\t\t

Continuous improvement<\/h4>\n

Organizations should continually improve the suitability, adequacy, and effectiveness of the ISMS.<\/p>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t<\/section>\n\t\n\n\t\t

\n\t\t\t
\n\t\t\t\t\"\"\t\t\t<\/div>\n\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t\t\tWebinar<\/span>\n\t\t\t\t\t\t\t\t\t\t\t\t

Mitigating Third-Party Risk: Best Practices for CISOs<\/h2>\n\t\t\t\t\t\t

Join us for an insightful and informative webinar as we delve into mitigating third-party risks. This webinar will provide essential strategies and best practices to ensure robust security and privacy measures when collaborating with external entities.<\/p>\n\t\t\t\t\t\t