A new international standard aims to combat information security flaws and prevent threats in order to ensure business continuity, minimize damage and maximize return on investments. The new standard, ISO/IEC 27001:2005, was jointly published by the International Organization for Standardization and the International Electrotechnical Commission. It integrates the process-based approach of management system standards into a framework that companies can use to protect information security. It complements the recently revised ISO/IEC 17799:2005, which describes and lists individual security controls that may be applied as part of the security management system described by ISO/IEC 27001.
“The publication of ISO/IEC 27001:2005 is a big event in the world of information security and the standard has been eagerly awaited,” says Ted Humphreys, convenor of the working group responsible for managing the standard’s development. “It is a standard that all security-conscious organizations should look to implement.”
…