What is the ISO 27001 standard and LIS?
Published on February 28, 2019
ISO 27001 is the well-established, international standard when it comes to information security. It is optimized for all types of enterprises, both large and small ones. The standard is written by experts and provides requirements related to establishing, introducing, maintaining and constantly improving the system for managing information security. The standard is divided into several sections covering different areas such as: guidance (27002), risk management (27005) and incident management (27035). The first section, ISO 27001, includes the requirements that must be fulfilled in order to certify against the standard. Certification is still quite rare in Sweden, but often a requirement in order to perform IT-related business abroad. To achieve ISO 27001 certification, an independently performed audit must be conducted to ensure the organization has fulfilled the relevant requirements. Secure State Cyber is not able to certify, but our identify and implementation services will assist you in establishing a functional organization that will meet the requirements of ISO 27001. More information about the international standard is available on ISO’s website.
INFORMATION SECURITY MANAGEMENT SYSTEM
Information Security Management System (LIS) is a common Swedish term which signifies an established management system that guides the information security work within the organization. The design of the ISMS determines how you evaluate and protect the information you have access to. A well-designed ISMS leads to the fulfillment of the requirements stated in ISO 27001 and your information will therefore remain confidential, correct and available, as required by both you and your customers. The work process with ISMS consists of four steps:
- Identification and analysis – This step involves identifying what information assets and security risks that exists. The desired result of this step is a clear picture of the existing risks in regard to information security and which of your information assets they concern.
- Design – Based on the results of the identification and analysis process, the information security management system is designed. In this step, objectives for information security, responsibility and role distribution, control documents and an action plan for achieving the goals, among other things, are established.
- Implementation – In this step, the work that has been done in the design process is implemented. This involves continuous work in accordance with the control documents and trying to carry out the established action plan.
- Follow-up and improvement – Evaluating the design and implementation of the management system is of great importance in order to allow improvement of the proceeding work with information security.
Secure State Cyber offers services to help your organization identify and implement a tailor-made information security solution that is based on, among other things, ISO 27001 (ISMS). More information about LIS is available at informationssakerhet.se.