Response to Discussion 5 ERM
Arjun Jujjuri
Week 5 Discussion
My organization does not have ISO 27001. However, it would be very important for my organization to acquire ISO 27001, because there are many benefits associated with this certification. ISO 27001 requires that regular risk assessments be conducted based on the business flow and the information assets within the organization. A risk assessment makes it possible to express the company's information security risks comprehensively and quantitatively, and to understand which information security risks exist in each business process and how serious they are. Once the risks are understood, a risk response plan can be made (Pattanavichai, 2018). Carrying out the "risk assessment → risk response" cycle on a regular basis (for example, once a year) reduces the information security risk of the entire organization.
Raising employee awareness is essential to maintaining a high level of information security. ISO 27001 requires regular employee training. Lectures on incidents at other companies, common security incidents, and the points each employee should be aware of improve each employee's security awareness, and make it possible to reduce security incidents caused by accidental mistakes such as misdirected transmissions and transcription errors (Carvalho & Marques, 2019).
Information security includes the concept of "availability", defined as "the property that anyone who is authorized can access that information at any time." If the desired material cannot be found immediately (for example, because the cabinet is not organized or the desk is cluttered), this is a "loss of availability" in information security terms, and the security level is lowered. ISO 27001 efforts include clear desk and clear screen practices, that is, "organization", so by making good use of the ISMS it is possible to organize internal information and improve work efficiency at the same time (Carvalho & Marques, 2019).
References
Pattanavichai, S. (2018). Design Network Model for Information Security Management Standard depend on ISO 27001. GSTF Journal on Computing, 5(4).
Carvalho, C., & Marques, E. (2019, June). Adapting ISO 27001 to a Public Institution. In 2019 14th Iberian Conference on Information Systems and Technologies (CISTI) (pp. 1-6). IEEE.
Regards,
Arjun