// THREAT DETECTION AND DATA PRIVACY TERM
ISO 27001
ISO 27001 is an international standard that outlines the requirements for establishing, implementing, and continually improving an Information Security Management System (ISMS). It provides a framework to help organizations of any size or industry protect their information in a systematic and cost-effective way.
TECHNICAL DEFINITION
ISO/IEC 27001 is the leading international standard for an Information Security Management System (ISMS), providing a risk-based framework for managing an organization's security controls to protect the confidentiality, integrity, and availability of information assets. Certification demonstrates compliance with its requirements, including the security controls listed in its Annex A, covering areas like access control, cryptography, and incident management.
BACKGROUND
Information security standards are guidelines generally outlined in published materials that aim to protect a user's or organization's cyber environment from threats. This environment includes the users themselves, hardware such as devices and networks, software such as applications or services, and any information in storage or transit. In general, a cyber environment consists of systems that can be connected, directly or indirectly, to networks.
SYNONYMS & ALIASES
- ISO/IEC 27001
- ISMS Standard
- Information Security Management Standard
- ISO27K
- InfoSec Certification
USAGE NOTE
Achieving ISO 27001 certification is often a key requirement for enterprise contracts and serves as verifiable proof of an organization's commitment to information security.
DEVELOPERS
Organizations developing technology related to ISO 27001.
Develops a security and compliance automation platform that helps businesses streamline the process of achieving and maintaining ISO 27001 certification by automating evidence collection, security monitoring, and audit readiness.
Provides a security and compliance automation platform designed for continuous monitoring of an organization's control environment, helping to simplify and accelerate ISO 27001 compliance and other security frameworks.
Offers an all-in-one platform for security and privacy compliance. Their technology helps companies get audit-ready for standards like ISO 27001 by automating tasks, managing policies, and monitoring controls.
Provides a comprehensive platform for privacy, security, and governance. Its GRC (Governance, Risk, and Compliance) modules help organizations manage information security management systems (ISMS) in line with ISO 27001 requirements.
Develops the Now Platform, which includes a Governance, Risk, and Compliance (GRC) application. This technology enables organizations to automate and manage the policies, controls, and risk assessments required for ISO 27001 compliance on an enterprise scale.
A leader in Security Information and Event Management (SIEM) and data analytics. Splunk's platform is a critical technology for meeting ISO 27001 controls related to logging, monitoring, and incident detection and response.
Specializes in vulnerability management and cyber exposure technology. Its platforms, including Tenable.io, are used to identify, assess, and manage technical vulnerabilities, a core requirement of the ISO 27001 Annex A controls.
Offers security awareness training and a GRC platform called KCM. This technology directly addresses ISO 27001 controls for security awareness training and helps organizations manage the overall compliance and audit process.