3 ISMS Controls
The ISO 27001 standard recommends taking a risk-based approach to information security. As a result, organizations must identify information security threats and address them by establishing controls.
The controls are detailed in Annex A of the standard. In Annex A of the ISO 27001 standard, there are 93 controls separated into 4 groups – A.5 through A.8. Implementing all 93 controls is not required, and only a small number of them must be documented. It is up to the company to determine what to implement and what not to, based on its risk management methodology. This freedom of choice allows businesses to focus on the controls that are most important to them rather than spending money on those that aren’t. ...