A certain percentage of professionals in the information security industry don’t see the reason for implementing an information security management system (ISMS) and gaining certification against the International Standard, ISO/IEC 27001. They think that it is too much hassle, that it is not suitable for their organisation, or that technology-based solutions are more important.
The release of ISO/IEC 27001:2013 has made implementing an ISMS more straightforward and achievable for all organisations.
Whilst it is currently not possible to gain certification against the 2013 edition of the standard, once the scheme has been released in the coming months, there will effectively be very little to stop organisations of all types and sizes from implementing an ISMS and gaining certification.
Good information security is the effective combination of people, process and technology. Only through implementing an ISMS do you achieve an effective balance of all these attributes. Learn more about the latest edition of ISO/IEC 27001:2013 in An Introduction to ISO/IEC 27001 2013, an official introductory guide from the UK’s National Standards Body, BSI.