INFORMATION SECURITY

Understand how MSI assists in compliance to ISO 27001.

ISO 27001

ISO 27001 is an international standard for information management. ISO 27001 provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.

RISK ASSESSMENT

The “Information security risk assessment” requirements of section of ISO 27001 help to ensure the preparedness of the organization against potential cyber-security risk. Prior to the realization of an information security threat, organizations must have specific procedures in place for mitigating possible loss of confidentiality. This includes requirements that processes be in place to identify, analyze, evaluate and mitigate all information security risks.

AWARENESS

Important to cyber-security, ISO 27001 includes the requirement that all personnel under control of the organization must be aware of the information security policy, the contribution of each person to the effectiveness of the information security management system, and the benefits of improved information security performance. Training and education play an essential role in the awareness of employees and contractors alike.