ISO/IEC 27001
ISO/IEC 27001 is an international standard that provides an information security management system (ISMS) framework to ensure adequate and proportionate security controls are in place.
- Full title: Information technology — Security techniques — Information security management systems — Requirements
- provides a framework for creating an information security management system
- uses a risk-based approach
- 2017 update to meet EU’s GDPR requirements
- Section 14 addresses business continuity management
- very costly to implement and certify