WORKSHOP „ISO/IEC 27001 – INFORMATION SECURITY MANAGEMENT SYSTEM“
The main lecturer was Mr. Ariosto Farias Jr. from Brazil, and the workshop was attended by 40 participants - representatives of the ministries and institutions of Bosnia and Herzegovina, economic organizations, employees from the standardization area and consultants from all Bosnia and Herzegovina. The presentations were focused on the standard requirements and the benefits of its implementation, and the participants actively participated in the workshop through discussion, individual and group exercises.
Information is an asset which, like other important business assets, adds value to the organization and consequently need to be protected. Information security protects information from a large range of threats in order to ensure business continuity, minimize business damage and maximize return on investments and business opportunities. Information Security Management System (ISMS) is a system approach to managing sensitive company information so that it remains secure. It encompasses people, processes and IT systems.
ISO/IEC 27001:2005 Information technology - Security techniques - Information security management systems - Requirements, is an international standard related to the protection and security of information. Standard can be implemented in various areas of application as well as for distinguishing the possible organizational processes that are associated with security management controls, such as security policy, organization security, control and classification of sources, security of personnel, security of material goods and the environment, operational management and communication, access control, development and maintenance of various systems and business continuity management.
This serie includes standards that : define the requirements for ISMS, provide support, detailed guidance and instructions for overall PDCA process (Plan-Do-Check-Act), provide specific sectoral guidelines for ISMS and conformity assessment for ISMS.
Standard ISO/IEC 27001:2005 is an important standard for organizations providing services in areas associated with information technology and need to preserve the confidentiality of information. Its implementation and application provides better cooperation with similar organizations around the world that operate under this model. By this standard organizations are demonstrating to its customers and other stakeholders that they operate under business process that are based on the safety principles and that their business policy is aimed to continual improvement of information security management system and other related processes for providing services.
Workshop participants think the workshop was well organized, very useful and interesting due to the actuality of its subject. Also, they expressed satisfaction with the quality of the lecturer, Mr. Farias, whose international experience and excellent knowledge of this standard and its subject significantly contributed to the success of the workshop.
Director of the Institute for Standardization of Bosnia and