ISO 27001 is a standard for implementing an Information Security Management System (ISMS) within an organization. An ISMS is a framework for managing information security risks.
The idea behind 27001 is to become proactive about security rather than reactive.
There are 14 domains in ISO 27001:
- Information security policy
- Organization of information security
- Asset management
- Human resources security
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- Access control
- Information systems acquisition, development and maintenance
- Supplier relationships
- Information security incident management
- Business continuity management
- Compliance