ISO 27001 (formally ISO/IEC 27001, which evolved from the British standard BS 7799-2) is the international standard that specifies the requirements for an information security management system (ISMS); the accompanying best-practice guidance for its controls is published as ISO/IEC 27002.
The Standard is a benchmark for organisations to demonstrate that they follow best practice on information security. With cyber crime on the increase, it’s important that organisations within the Gulf Cooperation Council (GCC) states have strategies in place to protect their assets.
ISO 27001 certification has grown steadily over the past five years in the Middle East, but when compared to the staggering number of certifications achieved in Europe and Asia, there is still a long way to go.
Figure 1: Statistics from the ISO Survey
Most organisations in the GCC countries understand that protecting their information assets is critical to their survival. However, many still believe ISO 27001 is too complicated and difficult to implement.
ISO 27001 is not what it’s made out to be
Brian Honan, author of June’s book of the month, ISO27001 in a Windows® Environment, told IT Governance that many people think ISO 27001 will “require thousands of mandates, lots of money to invest in IT equipment and systems, and would take forever to get implemented”.
On the contrary, he said that the Standard is not as complicated as many might think, and that one might not have to buy new systems or security systems to comply.
Listen to the full podcast with Brian below:
Implement ISO 27001 on your current Windows system
Many of the technical controls in ISO 27001’s Annex A can be addressed with functionality and tools built into Microsoft Windows, such as Group Policy, security auditing and BitLocker. Note that this covers the technical controls only: the ISMS itself (scope, risk assessment, Statement of Applicability, management review) still has to be defined and documented as a management process.
ISO27001 in a Windows® Environment gives essential guidance for anyone looking to implement ISO 27001 using Windows technology:
- Details the various controls required under ISO 27001:2013, together with the relevant Microsoft products that can be used to implement them.
- Explains how to make the most of Windows security features.
- Is ideal for bridging the knowledge gap between ISO 27001 and Windows security.
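As an added example (not code from the book or from the original post), the script below collects evidence for a handful of ISO 27001:2013 Annex A technical controls using only tooling that ships with Windows: secedit for the local password policy, auditpol for audit settings, the Defender, BitLocker and NetSecurity cmdlets, and Get-HotFix for patch currency. The control-to-tool mapping, the pass/fail thresholds (12-character minimum password, 7-day signature age, 30-day patch window) and the helper names (New-ControlResult, Get-SecPolValue, Test-*) are this example's own assumptions; the Standard itself prescribes no such numbers.

```powershell
# Added example: read-only ISO 27001:2013 Annex A evidence collector for a Windows host.
# Run in an elevated PowerShell 5.1+ session on Windows 8 / Server 2012 or later.
# Thresholds and the control mapping are assumptions of this example, not of the Standard.

function New-ControlResult {
    param([string]$Control, [string]$Check, [bool]$Pass, [string]$Evidence)
    [pscustomobject]@{
        Control  = $Control
        Check    = $Check
        Result   = if ($Pass) { 'PASS' } else { 'FAIL' }
        Evidence = $Evidence
    }
}

# Pull one integer value out of a secedit .inf export; -1 if the key is absent.
function Get-SecPolValue([string[]]$Lines, [string]$Key) {
    $m = $Lines | Select-String -Pattern "^$Key\s*=\s*(\d+)" | Select-Object -First 1
    if ($m) { [int]$m.Matches[0].Groups[1].Value } else { -1 }
}

# A.9.4.3 Password management system: local security policy via secedit.
function Test-PasswordPolicy {
    $inf = Join-Path $env:TEMP 'secpol-evidence.inf'
    secedit /export /cfg $inf /quiet | Out-Null
    $cfg = Get-Content $inf
    Remove-Item $inf -ErrorAction SilentlyContinue
    $minLen  = Get-SecPolValue $cfg 'MinimumPasswordLength'
    $complex = Get-SecPolValue $cfg 'PasswordComplexity'
    $lockout = Get-SecPolValue $cfg 'LockoutBadCount'
    New-ControlResult 'A.9.4.3' 'Password length, complexity and lockout' `
        ($minLen -ge 12 -and $complex -eq 1 -and $lockout -gt 0) `
        "MinLen=$minLen Complexity=$complex LockoutBadCount=$lockout"
}

# A.12.4.1 Event logging: logon events must be audited for success and failure.
function Test-AuditPolicy {
    $csv = auditpol /get /subcategory:"Logon" /r | Where-Object { $_ -and $_.Trim() }
    $row = $csv | ConvertFrom-Csv | Select-Object -First 1
    $setting = $row.'Inclusion Setting'
    New-ControlResult 'A.12.4.1' 'Logon auditing (success and failure)' `
        ($setting -eq 'Success and Failure') "Logon=$setting"
}

# A.12.2.1 Controls against malware: Defender real-time protection and fresh signatures.
function Test-Antimalware {
    try {
        $s   = Get-MpComputerStatus -ErrorAction Stop
        $age = (Get-Date) - $s.AntivirusSignatureLastUpdated
        New-ControlResult 'A.12.2.1' 'Defender real-time protection, signatures <= 7 days' `
            ($s.RealTimeProtectionEnabled -and $age.TotalDays -le 7) `
            ('RealTime={0} SignatureAgeDays={1:N1}' -f $s.RealTimeProtectionEnabled, $age.TotalDays)
    } catch {
        New-ControlResult 'A.12.2.1' 'Defender status' $false "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }
}

# A.10.1.1 Cryptographic controls: BitLocker protection on the system drive.
function Test-DiskEncryption {
    try {
        $v = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        New-ControlResult 'A.10.1.1' 'BitLocker on system drive' ($v.ProtectionStatus -eq 'On') `
            "ProtectionStatus=$($v.ProtectionStatus) VolumeStatus=$($v.VolumeStatus)"
    } catch {
        New-ControlResult 'A.10.1.1' 'BitLocker on system drive' $false "Get-BitLockerVolume failed: $($_.Exception.Message)"
    }
}

# A.12.6.1 Management of technical vulnerabilities: most recent update within 30 days.
function Test-Patching {
    $latest = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    $days = if ($latest) { ((Get-Date) - $latest.InstalledOn).Days } else { [int]::MaxValue }
    New-ControlResult 'A.12.6.1' 'Latest Windows update within 30 days' ($days -le 30) `
        ('Latest={0} InstalledOn={1}' -f $latest.HotFixID, $latest.InstalledOn)
}

# A.13.1.1 Network controls: host firewall enabled on every profile.
function Test-HostFirewall {
    $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | Select-Object -ExpandProperty Name
    New-ControlResult 'A.13.1.1' 'Windows Firewall enabled on all profiles' (-not $off) `
        ('DisabledProfiles=' + ($off -join ','))
}

$results = @(Test-PasswordPolicy; Test-AuditPolicy; Test-Antimalware; Test-DiskEncryption; Test-Patching; Test-HostFirewall)
$results | Format-Table -AutoSize
# Keep the CSV with the ISMS records: it is the audit evidence for these controls on this host.
$results | Export-Csv -NoTypeInformation -Path (Join-Path $PWD "isms-evidence-$env:COMPUTERNAME.csv")
```

A PASS here means the host meets the threshold this example assumes, nothing more; the thresholds themselves are decisions the ISMS has to justify from its risk assessment and record in the Statement of Applicability. The script only reads state, so it is safe to schedule; enforcing the settings it checks is a Group Policy job, and Test-Antimalware and Test-DiskEncryption deliberately report FAIL rather than throwing when Defender or BitLocker is not present, so a missing control shows up in the evidence instead of aborting the run.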