ISO 27001 is a standard for information security management: it ensures the implementation, operation, monitoring, reassessment, maintenance and improvement of an Information Security Management System (ISMS). Applying this standard stresses the importance of:
- Understanding the organization's need for information security and the need to define policies and goals;
- Implementing and applying controls with regard to the organization's overall business risks;
- Monitoring and reassessing the performance and effectiveness of information security management, and constantly improving it based on objective measurement.