Page 5 - Magazine.indt


But to access the benefits described above, the correct systems should be implemented properly and effectively. There are different types of standards in the ISO/IEC 27000 family; each of the standards has its own benefits. You will not enjoy all the possible benefits from just one set of standards.

For example, the ISO/IEC 27001 is the “Information technology—Security techniques—Information Security Management Systems—Requirements”, while the ISO/IEC 27002 is the “Information technology—Security techniques—Code of practice for information security management”. The first set provides the requirements needed to create and operate an effective ISM system (that includes a set of controls that will help to minimize potential risks). The second set provides guidance on how to implement these information security controls. Both of them are needed to fully reap the potential benefits.

To get certification, an organization or company has to pass through some sequential and systematic processes. If the organization is able to pass all the necessary steps, then it will be eligible to apply itself toward these standards.

There are a large number of critical factors that should be considered when implementing an ISM system (this of course includes a company’s overall business objectives). The critical factors are as follows:

• The policy, activities, and objectives of the

other objectives.


To achieve a successful ISMS, commitment and visible support are needed from all the levels of management (especially from top-level management). Complete understanding is required during all stages of the security management process in order to achieve true information security. Proper training and education (for all the employees and the relevant parties) about the awareness and benefits of the Information Security Management Systems is needed. The security management process should be properly structured to face all external and internal changes as they emerge. A system for measuring performance is also needed in order to evaluate progress and success.

Excellent security systems will meet all the requirements put forth by the organization, while, at the same time, providing top-level security to the flow and management of information within the organization. A highly skilled and efficient top-level management is needed if you want to reap all the possible benefits; there is no other alternative. If you are the owner of an organization and are trying to gain these benefits, then the implementation of the ISMS in your organization is the obvious solution.
