ISO 27001 is the international standard that describes best practice for an information security management system (ISMS).
The Standard is a benchmark for organisations to demonstrate that they follow best practice on information security. With cyber crime on the increase, it’s important that organisations within Asia Pacific have strategies in place to protect their assets.
ISO 27001 certification has grown rapidly worldwide, particularly in East Asia and Pacific, which in 2016 reached almost 15,000 certifications – the highest number across the world.
Figure 1: Statistics from the ISO Survey
Japan, China and Taiwan have the highest number of certifications in this region, closely followed by Australia and Korea.
These figures highlight how most organisations in Asia Pacific understand that protecting their information assets is critical to their survival. However, there are still many organisations that believe ISO 27001 is too complicated and difficult to implement.
ISO 27001 is not as difficult to implement as you might think
Brian Honan, author of June’s book of the month, ISO27001 in a Windows® Environment, told IT Governance that many people think ISO 27001 will “require thousands of mandates, lots of money to invest in IT equipment and systems, and would take forever to get implemented”.
On the contrary, he said that the Standard is not as complicated as many might think, and that one might not have to buy new systems or security systems to comply.
Implement ISO 27001 on your current Windows system
Many of the technical controls in ISO 27001 can be addressed with the inbuilt functionality and tools in Microsoft Windows.
ISO27001 in a Windows® Environment gives essential guidance for anyone looking to implement ISO 27001 using Windows technology. It:
- Details the various controls required under ISO 27001:2013, together with the relevant Microsoft products that can be used to implement them;
- Explains how to make the most of Windows security features; and
- Is ideal for bridging the knowledge gap between ISO 27001 and Windows security.