Charu Pelnekar, CISA, CISM, ACA, AICWA, BCOM, CISSP, CPA, MCSE, QSA
The goal of my vol. 4 article is to provide guidance on the planning and decision-making processes associated with ISO/IEC 27001 implementation, including the associated costs, project length and implementation steps. ISO/IEC 27001 requires an organization to establish, implement, maintain and continually improve its information security management system (ISMS). ISO/IEC 27001 and its supporting document, ISO/IEC 27002 (formerly ISO/IEC 17799), detail 133 security controls, organized into 11 sections and 39 control objectives. An ISMS may be certified as compliant with ISO/IEC 27001 by any of a number of accredited registrars worldwide, and the independent assessment necessarily brings rigor and formality to the implementation process.
Cloud providers seeking to provide mission critical services should embrace the ISO/IEC 27001 standard for information security management systems. If the provider has not achieved ISO/IEC 27001 certification, they should demonstrate alignment with ISO 27002 practices.
The Cloud Security Alliance is issuing an industry call to action to align cloud providers behind the ISO/IEC 27001 certification, to assure that scoping does not omit critical certification criteria.
The content of my article is based on my own experiences with clients and the questions I was asked by cloud service providers and users. My article provides a process framework for IT security implementation and can also assist in determining the status of information security and the degree of compliance with the security policies, directives and standards that apply.
Read Charu Pelnekar’s recent Journal article: