ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organisation. It sets out the specification for an information security management system (ISMS)
Passed my BSI ISO 27001 exam last week, this is what I learned –
What is information security management (ISM)?
- Why ISM is important to an organization?
- The benefits of ISM
- The background of ISO/IEC 27001/2
- The key concepts and principles of ISO/IEC 27001:2013
- The terms and definitions used
- The main requirements of ISO/IEC 27001:2013