ISO IEC 27001 Information Security

ISO/IEC 27001 is the international standard that specifies the requirements for information security. The full official name of the ISO/IEC 27001:2013 standard is made up of the following parts:

  • Information technology
  • Security techniques
  • Information security management systems
  • Requirements



The main clauses of the standard (clauses 4 to 10) are: Context – Leadership – Planning – Support – Process – Evaluation – Improvement.


According to ISO/IEC 27001:2013, an organization must fulfil every one of these requirements if it wishes to claim that its ISMS is compliant with the standard.


ISO 27001 is the general standard for information security management and can be used in any organization, regardless of its size or the nature of its work. The ISO/IEC 27001 standard is intended to help organizations establish and maintain an ISMS (Information Security Management System).


An Information Security Management System (ISMS) is a set of interconnected elements that an organization uses to manage and control its information security risks and to protect and maintain the confidentiality, integrity, and availability of its information.


These elements include all of the policies, procedures, processes, plans, practices, roles, responsibilities, resources and structures that are used to manage security risks and protect information. When applying ISO 27001, an organization must fully meet each of the requirements in clauses 4 to 10 of the standard. How it does so will depend on the organization's own objectives, its unique information security risks, the requirements, needs and expectations of interested parties, and its inherent complexity and organizational context.


If you do not already have an Information Security Management System (ISMS), you can use the ISO/IEC 27001:2013 standard to create one. Once your organization has established its ISMS, you can use it to protect information, maintain its confidentiality, integrity, and availability, and manage and control your information security risks.

ISO/IEC 27001 is designed to be used for certification purposes. Once an organization has created an ISMS that meets the requirements of the standard and addresses the organization's unique risks, it can ask a registrar (certification body) to audit its system.


If the organization passes the audit, the registrar will issue an official certificate stating that its ISMS meets the requirements of ISO/IEC 27001:2013. Although ISO/IEC 27001:2013 was specifically designed for certification purposes, an organization does not have to become certified.

An organization can be in compliance without being formally registered by an accredited certification body. It can review its own information security management system and then announce to the world that it complies with the ISO/IEC 27001 standard (assuming that it actually does). Of course, a claim of compliance is more credible if an independent certification body or ISMS registrar has audited the ISMS at the organization's request.



I'm a Computer Engineer in the Information Technology field, specializing in the Info-sec field. Also, I'm a freelance instructor in Ethical Hacking, Secure Web Development, Penetration Testing and Security Awareness. I have the following certificates: CEH, CHFI, ECSA, LPT Master, & ISO 27001 LI.
