DISCOVER OUR POPULAR ARTICLE

Gone Phishing – The Need For An Effective Response To Security Incidents

Jan 21 • 5 min read

What would a criminal do with your email address and password?

GO PHISHING! – phishing attacks can be targeted at your email contact lists – the fastest way to lose friends and business contacts! Secondly, they have access to your emails. Doesn’t take long to figure out, for example, who you hold online accounts with, especially if you don’t practice good mailbox housekeeping. Then, of course, there is the issue of passwords. Hands up how many people use the same passwords for multiple accounts and who change them infrequently? So, they have your password, they have your email address…next stop your other online accounts.

Why ISO 27001?

Using this family of standards will help your organization manage the security of assets such as financial information, intellectual property, employee details or information entrusted to you by third parties. ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).

What is ISMS?

An ISMS is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. It can help small, medium and large businesses in any sector keep information assets secure.

History of ISO 27001

ISO/IEC 27001 is derived from BS 7799 Part 2, first published as such by the British Standards Institute in 1999.
BS 7799 Part 2 was revised in 2002, explicitly incorporating the Deming-style Plan-Do-Check-Act cycle.
BS 7799 part 2 was adopted as ISO/IEC 27001 in 2005 with various changes to reflect its new custodians.
The 2005 first edition was extensively revised and published in 2013, bringing it into line with the other ISO management systems standards and dropping explicit reference to PDCA.

ISO 27001 and risk management

ISO 27001 emphasizes the importance of risk management, which forms the cornerstone of an ISMS. All ISO 27001 projects evolve around an information security risk assessment – a formal, top management-driven process which provides the basis for a set of controls that help to manage information security risks. By implementing an ISO 27001-compliant ISMS, organizations will be able to secure information in all its forms, increase their resilience to cyber attacks, adapt to evolving security threats and reduce the costs associated with information security.

Why achieve ISO 27001 certification?

ISO 27001 is one of the most popular information security standards in the world, with certifications growing by more than 450% in the past ten years. It is recognised globally as a benchmark for good security practice, and enables organisations to achieve accredited certification by an accredited certification body following the successful completion of an audit. Some of the advantages:

Protect your data, wherever it lives: An ISO 27001-compliant ISMS helps protect all forms of information, whether digital, paper-based, or in the Cloud.
Meet contractual and regulatory obligations: Certification demonstrates an organization’s commitment to information security, and provides a valuable credential when tendering for new business.
Reduce costs associated with information security: Thanks to the risk assessment and analysis approach of an ISMS, organizations can reduce costs spent on indiscriminately adding layers of defensive technology that might not work.
Increase your attack resilience: Implementing and maintaining an ISMS will significantly increase your organization’s resilience to cyber attacks.
Respond to evolving security threats: Constantly adapting to changes both in the environment and inside the organization, an ISMS reduces the threat of continually evolving risks.
Improve company culture: The Standard’s holistic approach enables employees to readily understand risks and embrace security controls as part of their everyday working practice.

Sections of ISO 27001

Risk assessment
Security policy
Organization of information security
Asset management
Human resources security
Physical and environmental security
Communications and operations management
Access control
Information systems acquisition, development and maintenance
Information security incident management
Business continuity management
Compliance

Organisations are required to apply these controls appropriately in line with their specific risks. Third-party accredited certification is recommended for ISO 27001 conformance.

Why is ISO 27001 so important and what business benefits does it offer?

The business benefits from ISO 27001 certification are considerable. Not only do the standards help ensure that a business’ security risks are managed cost-effectively, but the adherence to the recognised standards sends a valuable and important message to customers and business partners: this business does things the correct way. ISO 27001 is invaluable for monitoring, reviewing, maintaining and improving a company’s information security management system and will unquestionably give partner organisations and customers greater confidence in the way they interact with your business.

Some of the stages you will need to go through to protect your business and achieve ISO 27001 include:

Assessing the potential risks to your business and identifying areas that are vulnerable.
Implementing a management system that covers the entire organisation will help to control how and where information is stored and used.
Maintaining a process to manage current and future information security policy.
Making employees and third party contractors aware of the risks and incident reporting.
Monitoring system activity and logging user activities.
Keeping IT systems up to date with the latest protection.
System access control.

ISO 27001 Consultation in Jordan

If you are looking for ISO 27001 consultation in Jordan, you are at the right place! AAC MENA is one of the best providers to obtain the ISO 27001 certificate for your industry in Jordan at an affordable price. AAC MENA is known for ensuring customer satisfaction and business improvement.

Conclusion

As a leader in consultation services, AAC MENA offers unrivaled experience and expertise in ISO 27001 requirements. Our presence in the Middle East and harmonized approach give you access to the largest independent network of consultants and advisory services in the region.

In this article