ISO27001InformationSecurityManagementSystem-System.PDFVIP

ISO 27001 Information Security Management System Solution Overview: Symantec Managed Services Overview Due to growing information security risks, organizations must continually monitor and effectively manage the security of their computing infrastructure. Further, organizations must ensure the confidentiality, integrity, and availability of their information assets. ISO 27001:2005 is a time-proven international standard of best practices published by the International Organization for Standardization (ISO) for establishing, maintaining, and improving security programs for all organizations. An ISO 27001 based Information Security Management System (ISMS) is a set of integrated processes that govern the management of security program policies and procedures. Symantec? Managed Security Services has achieved and continues to achieve many benefits from implementing an ISO 27001 based ISMS. Designing and implementing an ISMS is a significant undertaking for security program managers. Because ISO 27001 is a multi- layered security management standard, organizations must design consistent policies and practices in order to apply the appropriate security controls required by ISO-27002 and also to prove compliance per ISO-27001 control objectives. ISO 27001 Management Oversight for Consistency Most organizations have a number of information security controls in place. However, many technical and process controls often tend to be unrelated to each other, having been implemented as point solutions to address certain aspects of IT or data security but not to an overall security program framework. ISO 27001 compliance strengthens an organizations security program because it requires executive management sponsorship and approval of the ISMS policy and program. Executive management oversight drives a consistent methodology for securing an organization’s information and infrastructure. The net result is that management is responsible for assuring that their most important informati