Response to Discussion 5 ERM
Follow the latest APA 7 format.
Full references with link in hanging indent format.
Reply to the two peer posts, which are in the attachment, 150-300 words each. Please add more in-text citations. Follow the APA format.
Complete by Sunday afternoon. The two substantive posts will do at least TWO of the following:

Ask an interesting, thoughtful question pertaining to the topic
Answer a question (in detail) posted by another student or the instructor
Provide extensive additional information on the topic
Explain, define, or analyze the topic in detail
Share an applicable personal experience
Provide an outside source (for example, an article from the UC Library) that applies to the topic, along with additional information about the topic or the source (please cite properly in APA)
Make an argument concerning the topic.

At least one scholarly source should be used in the initial discussion thread. Be sure to use information from your readings and other sources from the UC Library. Use proper citations and references in your post.

Arjun Jujjuri
Week 5 Discussion
My organization does not have ISO27001. However, it would be very important if my organization acquired ISO27001. This is because there are many benefits associated with this certification. ISO27001 requires that regular risk assessments be conducted based on the business flow and information assets within the organization. By conducting a risk assessment, it is possible to comprehensively and quantitatively express information security risks within the company, and it is possible to understand what kind of information security risks exist in each business and how dangerous they are. By understanding the risks, you can also make a risk response plan (Pattanavichai, 2018). It is possible to reduce the information security risk of the entire organization by conducting the risk assessment and risk response initiative on a regular basis (for example, once a year).
Raising employee awareness is essential to maintaining a high level of information security. ISO27001 requires regular employee training. Lectures on accident cases of other companies, common security accidents, points that each employee should be aware of, etc. will lead to improvement of each employee's security awareness, and it is possible to reduce security accidents due to accidental mistakes such as incorrect transmission and transcription mistakes (Carvalho & Marques, 2019).
Information security has the concept of "availability". This is "the property that anyone who is authorized can access that information at any time." If the desired material cannot be found immediately (for example, the cabinet is not organized or the desk is cluttered), this is a "loss of availability" in information security terms, and the security level is lowered. ISO27001 efforts include clear desks and clear screens, that is, "organization", so by making good use of the ISMS, it is possible to organize internal information and improve work efficiency (Carvalho & Marques, 2019).

ISO27001 covers not only the technical security measures for computers, but also the basic policy (security policy) for handling information and the system / mechanism, including concrete planning, implementation, operation, and review, for realizing it. It is a comprehensive certification standard.
References
Pattanavichai, S. (2018). Design network model for information security management standard depend on ISO 27001. GSTF Journal on Computing, 5(4).

Carvalho, C., & Marques, E. (2019, June). Adapting ISO 27001 to a public institution. In 2019 14th Iberian Conference on Information Systems and Technologies (CISTI) (pp. 1-6). IEEE.

Regards,

Arjun Venkata Madhu Manaswini Vinnakota
Week 5 Discussion board
ISO 27001:2013 (the current version of ISO 27001) is one of the most popular information security standards in the world. More companies are achieving ISO 27001 certification to underline the robustness of their information security management.
Compliance with ISO 27001 was previously about having a competitive edge, but as ISO 27001 certification becomes the norm for best-practice information security, it's increasingly a minimum entry requirement for a tender or contract renewal. Conformity to the standard can make the difference between winning and losing those all-crucial tenders.
The ISO first released its family of standards in 2005 and since then has made periodic updates to the various policies. For ISO 27001, the latest significant changes were introduced in 2013 (Tamimi, 2019). Ownership of ISO 27001 is actually shared between the ISO and the International Electrotechnical Commission (IEC), which is a Swiss organization that focuses primarily on electronic systems.
Ways in which ISO 27001 certification can benefit the organization:

Avoid hefty fines. ISO 27001 is the accepted global benchmark for the effective management of information assets. It enables organizations to avoid the costly penalties associated with non-compliance with data protection requirements and the financial losses resulting from data breaches.
Protect the reputation. Cyber-attacks are on the increase in Ireland, and can have a massive impact on your organisation and its importance (Hsu, Wang & Lu, 2016). An ISO 27001-certified ISMS (information security management system) helps protect your organisation and keeps you out of the headlines.
Comply with business, legal, contractual and regulatory requirements. ISO 27001 certification is also in line with rigid regulatory requirements such as the GDPR (General Data Protection Regulation), the NIS Directive (Directive on security of network and information systems), and other cybersecurity laws.
Improve structure and focus. When an organisation grows rapidly, it does not take long before there is confusion around responsibility for information assets. ISO 27001 helps organisations set up clear information risk responsibilities.
Reduce the need for frequent audits. ISO 27001 certification is globally accepted and demonstrates adequate security, reducing the need for repeat customer audits.
References

Tamimi, M., Aljohani, R., Alharbi, B., & Alshahrani, M. (2019). Security review based on ISO 27000/ISO 27001/ISO 27002 standards: A case study research.
Hsu, C., Wang, T., & Lu, A. (2016). The impact of ISO 27001 certification on firm performance. In 2016 49th Hawaii International Conference on System Sciences (HICSS) (pp. 4842-4848). IEEE. https://doi.org/10.1109/HICSS.2016.600
