With the popularity of computers and the flourishing development of the Internet, various information systems have emerged. Computer networks have become the tools that most people must use every day, but they also bring about related information security issues.
Therefore, ensuring the confidentiality, integrity and availability of information has become an important issue.
Companies or organizations extensively use a variety of application software to perform internal work operations. Information systems are an important asset for enterprises or organizations. Once information systems are damaged, the manpower and time required for recovery are considerable.
ISO 27001 is a complete set of verification standards. Enterprises or organizations can establish management systems according to their own requirements.
Implementing ISO 27001 Benefits:
Through systematic information security control measures to reduce information security risks, the following three goals are achieved:
1. Confidentiality of data: Ensure that only authorized users can access data according to their rights.
2. Integrity: Ensure that the data is complete and has not been stolen or improperly modified.
3. Availability of data: Ensuring authorized users can obtain information when they need data.
Regardless of size, area or location, ISO 27001 applies. For industries where information protection is important,
For example, financial, medical, public and IT fields are particularly applicable.
ISO 27001:2013 Information Security Management System:
ISO 27001:2013 is an information security management system based on "risk management". By importing and building ISO 27001 enterprise organizations, you can choose appropriate risk control measures to reduce or avoid risks and further establish overall security mechanisms.
In order to better comply with the current situation and needs of information security, ISO 27002 has not changed at all. Therefore, Appendix A has also been adjusted accordingly.
As a whole, the number of domains has increased from the original 11 areas A.5-A.15) to 14 areas A.5-A.18, but the number of control objectives From 39 to 35, the number of control measures also changed from 133 to 113, both of which reduced. The direction of adjustment will increase toward the area, and the control objectives and control measures will be more streamlined and effective.
Three Elements of Enterprise Evaluation Information Assets
01Confidentiality
Ensure that only authorized users can legally handle transmission and access data according to their rights.
02Integrity
Ensure that the information is correct and complete, not stolen or improperly modified.
The data exists in the form of transmissions, storage areas or processing centers.
03Availability
Ensuring that authorized users have access to information when they need to access it.
With the popularity of computers and the flourishing development of the Internet, various information systems have emerged. Computer networks have become the tools that most people must use every day, but they also bring about related information security issues.
Therefore, ensuring the confidentiality, integrity and availability of information has become an important issue.
Companies or organizations extensively use a variety of application software to perform internal work operations. Information systems are an important asset for enterprises or organizations. Once information systems are damaged, the manpower and time required for recovery are considerable.
ISO 27001 is a complete set of verification standards. Enterprises or organizations can establish management systems according to their own requirements.
Implementing ISO 27001 Benefits:
Through systematic information security control measures to reduce information security risks, the following three goals are achieved:
1. Confidentiality of data: Ensure that only authorized users can access data according to their rights.
2. Integrity: Ensure that the data is complete and has not been stolen or improperly modified.
3. Availability of data: Ensuring authorized users can obtain information when they need data.
Regardless of size, area or location, ISO 27001 applies. For industries where information protection is important,
For example, financial, medical, public and IT fields are particularly applicable.
ISO 27001:2013 Information Security Management System:
ISO 27001:2013 is an information security management system based on "risk management". By importing and building ISO 27001 enterprise organizations, you can choose appropriate risk control measures to reduce or avoid risks and further establish overall security mechanisms.
In order to better comply with the current situation and needs of information security, ISO 27002 has not changed at all. Therefore, Appendix A has also been adjusted accordingly.
As a whole, the number of domains has increased from the original 11 areas A.5-A.15) to 14 areas A.5-A.18, but the number of control objectives From 39 to 35, the number of control measures also changed from 133 to 113, both of which reduced. The direction of adjustment will increase toward the area, and the control objectives and control measures will be more streamlined and effective.
Three Elements of Enterprise Evaluation Information Assets
01Confidentiality
Ensure that only authorized users can legally handle transmission and access data according to their rights.
02Integrity
Ensure that the information is correct and complete, not stolen or improperly modified.
The data exists in the form of transmissions, storage areas or processing centers.
03Availability
Ensuring that authorized users have access to information when they need to access it.
-
+886 0800 800 246(ខ្សែទូរស័ព្ទផ្ទាល់) -
FACEBOOK
