Politehnica University of Bucharest,
313, Splaiul Independentei, Bucharest, Romania
Abstract: Information security in an organization is one of the most important pillars in achieving organizational objectives. It does not produce profit but it offers the necessary framework for efficiency and efficacy in organization. Information security can be provided in an organization through the implementation and certification of an ISMS–Information Security Management System. This paper presents some aspects regarding the information security management system in an organization and underlines the importance of the adoption of an ISMS and the new elements in ISO/IEC 27001:2013 (new concepts, requirements and changes introduced in the standard). An analysis regarding the correlation between the business risks and features & advantages of the ISO/IEC 27001 standard is presented. There is also proposed a guide for adopting the ISO/IEC 27001:2013 standard, which implies a self-assessment of the organization (which allows to identify where the organization in the ISO/IEC 27001 process is) and strategies (concrete steps and the allocation of resources). The proposed guide will help the organization to understand the relationship between ISO/IEC 27001:2013 and its predecessor ISO/IEC 27001:2005.
Keywords: Information security, standards, management systems, organizations, ISO/IEC.
CITE THIS PAPER AS:
Bogdan ŢIGĂNOAIA, Some Aspects Regarding the Information Security Management System within Organizations – Adopting the ISO/IEC 27001:2013 Standard, Studies in Informatics and Control, ISSN 1220-1766, vol. 24 (2), pp. 201-210, 2015.