ISO 27001 is the formal set of specifications against which organizations may seek certification of their Information Security Management System. The intent is to bring information security under management control and to instill process into an organization. While most companies have an IT and/or an information security department, best practices of an Information Security […]
Information Security Management System. You can undergo a point-in-time audit or assessment and be compliant, but what happens a week later when patches have gone unapplied? Out of compliance again.