BSI publishes standard to assist in the protection of information assets

BS ISO/IEC 27000:2009 provides an introduction to information security management systems (ISMS), an overview of existing standards and terms and definitions used in the ISMS family of standards. Developed by the International Organization for Standardization with input from BSI in the UK, the standard also provides a description of the Plan-Do-Check-Act process, used in the implementation of all management system standards.

By using information security standards, an organization can develop and implement a framework for managing the security of its information assets, thereby treating and handling risks effectively. An ISMS provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving the protection of information assets. Implementation of an ISMS can be used by public and private sector organizations to apply consistent and mutually-recognizable information security principles. Types of information can include financial information, intellectual property, and employee details.

Mike Low, Director, Standards, BSI, said, “All information held and processed by an organization is subject to threats of attack and natural incidents. Over the past few years information security has become a boardroom issue and there are now numerous standards available to help organizations implement a framework for managing security of their information assets. ISO 27000 puts the existing family of international information security standards in context and provides an overview of this important area.”

Visit the BSI Shop for more information or to buy the BS ISO/IEC 27000:2009 standard.

- ENDS -