ISO/IEC 27001

Information Security Management

ISO/IEC 27001 information security management system standard

Emerging connected technologies present opportunity for prosperity and peril in equal measure. The business landscape is pocked with the craters of asteroid-like strikes against an organization's trade secrets, customer data and other sensitive materials, misappropriated through the careless use of an unfamiliar Wi-Fi network by one executive on his smartphone. ISO/IEC 27001 is the world's standard for an information security management system (ISMS). It provides the framework of policies and procedures implicated in a comprehensive risk management system, and includes all legal, physical and technical controls. ISO/IEC 27001 was developed to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system." Part and parcel of implementing an information security-minded organization is documentation, defined management responsibilities, regular internal and external third-party audits, corrective and preventative actions and continuous improvement. Moreover, responsibility for information technology security belongs not just to the IT department, but to the entire organization.

ISO/IEC 27001 provides a checklist of controls that should be considered in the accompanying code of practice, including:
1. Risk assessment
2. Security policy
3. Organization of information security
4. Asset management
5. Human resources security
6. Physical and environmental security
7. Communications and operations management
8. Access control
9. Information systems acquisition, development and maintenance
10. Information security incident management
11. Business continuity management
12. Compliance
