Certification of ISO 27001:2013
ISO 27001:2013 Information Security Management Certification is a management plan that specifies the requirements for implementing security controls customized to the needs of the organization. ISO 27001:2013 is designed to protect information assets from security breaches.
The ISO 27001:2013 standard is a process of applying security management controls within an organization to obtain security services, in order to minimize asset risk and ensure business continuity. The main security services that must be considered are as follows: a. Information confidentiality (Confidentiality) b. Information integrity (Integrity) c. Service availability (Availability)
Security experts say, and statistical data helps confirm, that:
- IT security administrators should expect to devote one third of their time to handling technical aspects. The remaining two thirds should be spent developing policies and procedures, conducting security reviews and risk analysis, addressing contingency planning, and promoting security awareness.
- Security depends more on people than on technology.
- Employees are a far greater threat than outsiders .
- Security is like a chain: it can only be as strong as the weakest link between its segments.
- The degree of protection depends on three factors: the risk one is willing to take, the function of the system, and the cost one is prepared to pay.
- Security is not a status or a snapshot, but a process that is always running.