ISO 27001
It is not a technical standard that would describe the ISMS in technical detail.
It does not focus only on information technology, but also on other important assets at the organization.
ISO 27001
Focuses on all business processes and business assets.
Focuses on reducing the risks for information that is valuable for the organization.
Information may or may not be related to information technology, and may or may not be in a digital form.
Duration of implementation
For very small organizations (less than 10 employees) - up to 4 months
For small organizations (10 to 50 employees) - up to 8 months
For middle sized organizations (50 to 500 employees) - up to 12 months
For large organizations (500 or more employees) - up to 18 months
2011 Information Security & Business Continuity Academy www.iso27001standard.com
Cost of implementation
It is not possible to calculate the cost before the risk assessment is completed and applicable controls are identified.
The majority of investment is usually not in technology, but in employees that are implementing the ISMS (invested time + trainings).