An ISO27001-compliant ISMS helps combat cybercrime


IT Governance Ltd, the global leader in ISO 27001 and cybersecurity information, books and tools, warns that cyber attacks could be the largest threat to businesses this year.

It is a mandatory requirement for UK public sector organisations to inform the Information Commissioner's Office of a data breach. Although the same legislation is not currently enforced in the UK private sector, commercial organisations are increasingly required to meet certain information security standards in order to win the trust of their customers and stakeholders and be able to tender for certain projects.

Advanced Persistent Threats (APTs) are a major concern for all company boards. APTs represent co-ordinated cyber activities of sophisticated criminals and state-level entities. APTs are usually targeted at specific government or private sector organisations (recently Google, Citigroup, the IMF and RSA) with the objective of stealing information or compromising information systems. The goal of an APT is not usually to bring down a business, but to stay embedded and to extract information from it at a slow, undetected pace.

Cyber attacks have become more sophisticated, and some hacking groups such as 'Anonymous' have gone as far as to announce a successful hack on Twitter, sometimes before the victim organisation is aware of it itself.

Given the presence of social media in our day-to-day lives, companies can no longer hide cyber attacks. As soon as a cyber attack is announced on Twitter, the media will ensure customers are aware.

Organisations shouldn’t try to ignore the cyber threat; they should fight it. The best way to do this is to align their information security management system to ISO 27001 – the world’s only recognised cyber security management system standard. By not taking any action, organisations risk, at the very least, negative publicity and loss of brand loyalty. More serious consequences include shareholder and financial losses.

To assist businesses with what can be a challenging ISO27001 project, the experts at IT Governance have designed the No3. ISO27001 Comprehensive Toolkit. It provides organisations with all the tools they will need for the implementation of an information security management system (ISMS). It includes copies of the three key standards (ISO27001, ISO27002 and ISO27005), the Risk Assessment Tool (vsRisk™), the Documentation Template Toolkit and manuals that describe in practical detail how each aspect of the ISMS should be tackled.

One user of the Toolkit said: "Using the templates was the only way that we could deliver a first edition ISMS in under six months. Our deliverable was a work in progress, but miles ahead of where they would have been without the templates".

Organisations who buy the No3. ISO27001 Comprehensive Toolkit before 29 February will receive the ICT Strategy Toolkit free. The ICT Strategy Toolkit will guide any organisation through the process of creating an ICT strategy, helping it drive down costs and control risk within an ICT environment.

Organisations can purchase the ISO 27001 Comprehensive Toolkit here:  Orders can also be made directly with the friendly, helpful IT Governance service centre team on telephone number +44 (0)845 070 1750. Larger organisations can make purchases with a purchase order, either by telephone, or by e-mail to
