ISO 27001 is easy to understand whereas NIST is dense and will require more resources.Īlso, companies can also be audited against the ISO 27001 standard and get certified on the implementation of the standard, whereas this can’t be done for NIST. Then why should I use (read buy) ISO 27001 and not freely available NIST?įor many companies which are based in the UK – ISO 27001 is the preferred standard whereas for the companies which are based in the US – NIST is preferred. No, there are many other standards like NIST that can be taken as a baseline to secure the assets. Is it mandatory to refer to ISO 27001 standard? So for instance, if I am starting a new company tomorrow and would like to secure the assets of the company, how would I know what security measures I need to take. ISO 27001 is an international standard for ensuring that the assets in an Information Security Management System (ISMS) have a minimum set of acceptable controls. In this post, I will distinguish the key differences between ISO 27001 standard and SOX 404.īut as always, let’s start with what these terms mean and why are they so important for the industry. The members of the group had some experience in the IT Audit, I realized a common theme in their misunderstanding of ISO 27001 and SOX 404 as they used both the terms interchangeably. I recently met with a group who wanted to get started in the IT Audit.
0 Comments
Leave a Reply. |