ISO/IEC JTC 1/SC 27, IT security techniques, is responsible for helping the fight against the growing problems of cybersecurity attacks, online fraud, information and identity theft. It provides organizations with solutions to protect their sensitive and critical information, as well as personal data, regardless of business sector and organizational structure. A related group, ISO/IEC 38500, Corporate governance of information technology, provides guidance for top management to reduce the risk of not complying with legislation.
The information security standards market changed significantly when businesses around the world were introduced to the concept of an information security management system (ISMS). ISO/IEC 27001:2005, Information technology – Security techniques – Information security management systems – Requirements, provides an effective management framework for information security. It meets all types of organizational security needs and business requirements.
Up to 80% of information technology budgets of most organizations are directly linked to service management processes. The ISO/IEC 27001:2005 requirements enable service providers to understand how to enhance the quality of service delivered to their internal and external customers.
Many programmes that are designed to tackle the cyber-war issue reference ISO/IEC 27001 and its supporting code of practice ISO/IEC 27002:2005.
Information security standards provide many benefits to an organization, including the following:
- Better and more effective management of the risks a business faces
- Greater performance efficiencies in the protection of the information process
- Higher quality of security being delivered
- Higher return on security investment
- Delivery of assurance and confidence to customers and consumers in the information security of the services and products that a company provides
- Common language for information security to facilitate better business relationships: business-to-business, business-to-consumer, outsourcing, supply chains and other business relationship models.
All types of organizations benefit from information security standards, from the smallest to the largest: commercial companies, public sector organizations, government departments and agencies, and research and academic/teaching institutions.