The Case for ISO27001

  • 1h
  • Alan Calder
  • IT Governance
  • 2005

What do you do to keep your business information secure?

Information and information systems are vital to your business. The electronic storage and exchange of data also presents some serious problems that you will have to confront.

Companies are at risk of cyber-attack from hackers, viruses and online fraudsters. Information security may also be compromised as the result of simple human error.

Manage cyber threat

To counter these threats, you have to identify the real information risks your company faces. Then you need to find the most appropriate ways to mitigate those risks. Adopting the ISO 27001 standard will give your organisation a reliable framework for creating an information security management system.

You have a responsibility to safeguard the information you hold on behalf of your customers. Adopting the ISO 27001 standard will protect the reputation of your company and safeguard its achievements.

The business case for investing in information security

  • Fight cybercrime - Introducing the ISO 27001 information security management system will help protect your business from the threat of organised crime.
  • Fight cyber-terror - Terrorist organisations now work with computers as well as explosives. Introducing an information security management system makes it easier to defend your company from a destructive cyber-attack.
  • Improve your corporate governance - Reducing your company’s financial exposure to the risk of losses resulting from IT system failure is now a corporate governance requirement. ISO 27001 will help you to comply.
  • Recover from accidents - With ISO 27001, you can minimise the risk that your information will be lost or corrupted as a result of human error.

About the Author

Alan Calder is the founder director of IT Governance Ltd, an information, advice and consultancy firm that helps company boards tackle governance, risk management, compliance and information security issues. He has many years of senior management experience in the private and public sectors.

In this Book

  • The Case for ISO 27001
  • Introduction
  • Information Economy, Intellectual Capital
  • Information, IT and Competitiveness
  • Information Threats
  • Insecurity Impacts
  • ‘Traditional’ Threats
  • Information Risk in Large Organizations
  • Organized Crime
  • Terrorism
  • Evolving Threat Environment
  • Regulatory Compliance
  • Data Protection and Privacy
  • Anti-Spam Legislation
  • Computer Misuse Legislation
  • Human Rights
  • Record Retention and Destruction
  • Information Security Governance
  • Benefits of an ISO 27001 ISMS
  • ISO 27001 in the Public Sector
  • Is ISO 27001 for You?
  • How Do You Go About ISO 27001?
  • Selection of a Certification Body
  • Appendix: ISO 27001 – Past, Present and Future