"Raising the Standard of Information Security Governance with ISO 27001"
Abstract
In the rush to meet regulatory or customer mandates, organizations have spent millions of dollars in implementing security and compliance measures on an issue-by-issue or regulation-by-regulation basis.
These approaches to compliance and information security governance are filled with unnecessary risks and costs. This is demonstrated by the fact that over 90 million customer data records have been compromised in the last 18 months by public companies, universities, and government agencies due to breaches in security.
Clearly, the standards of Information Security Governance must be raised. What is needed is an approach that is effective, efficient, and sustainable. This paper explains how such an approach is achievable by establishing it on the secure foundation of the ISO 17799 and ISO 27001 international standards.
This paper is intended to assist Chief Security Officers, CIOs, CFOs, Chief Risk Officers, Heads of Internal Audit, and external influencers of security policy including CPAs, attorneys, insurers, and ratings agencies in evaluating the business case for using ISO 27001 as a framework for effectively governing information security.
In September 2006 Wolcott Group and IBM sponsored a study with U.S. corporations to understand how increased security was influencing their policy for 2007 and this Point-of-View includes insight from that report.