Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
ISO/IEC 27001:2013
Supporting content
ISO/IEC 27002:2005
Information can be :
Created
Stored
Destroyed
Processed
Transmitted
Used (for proper and improper purposes)
Corrupted
Lost
Stolen
Copyright Nashwan Mustafa 2018 ISO27001:2013 9
INFORMATION TYPES
Information can be :
Printed or written on paper
Stored electronically
Transmitted by post or electronic means
Shown on videos
Displayed or published on web
Verbal ie spoken in conversations
Received by listener or receiver (intentionally or inadvertently)
• Availability - the property of being accessible and usable upon demand by an authorized
individuals, entities, or processes
Governmental laws and regulations with (or will have) a significant effect on InfoSec
810
2987
30,000
Middle East
2569
25,000 East Asia and Pacific
Europe
511
14704
451 2251 North America
20,000 2002
332 Central / South America
1668 11994
Africa
279
1497
15,000 218 10414
1328
10116
206 10422
1303
9665
10,000 8788
128
839 12532
71
519 7394
10446
383 5807 8663
5,000 7952
5550 6379
4210 4800 5289
3563
2172 1445 1469
1064 1432 435 552 712 814
,0 112 212 322 329
2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016
Copyright Nashwan Mustafa 2018 ISO27001:2013 21
What is ISO/IEC 27001:2013?
Process approach for establishing, implementing, operating, monitoring, reviewing,
maintaining and improving an organization’s ISMS:
ISO/IEC 27002:2013 is a better reference for selecting controls when implementing an ISMS based on
ISO/IEC 27001:2013, either for certification purposes or alignment to a leading standard. Or it could simply be
used as a guidance document for implementing commonly accepted information security controls.
Nashwan Mustafa
Eng_nashwan@yemen.net.ye
00967777013189