Significance of ISO/IEC 27001 in the Implementation of Governance, Risk and Compliance

Sanskriti Choubey; Astitwa Bhargava

Year: 2018
Volume: 6
Issue: 2

Significance of ISO/IEC 27001 in the Implementation of Governance, Risk and Compliance

Author:
Sanskriti Choubey¹, Astitwa Bhargava²
Total Page Count: 4
DOI:
Page Number: 30 to 33

¹Master of Science in Cyber Law and Information Security, National Law Institute University, Bhopal, India

²Rajeev Gandhi National Cyber Law Centre, National Law Institute University, Bhopal, India

Online published on 6 September, 2019.

Abstract

In organisations, ‘Governance’, ‘Risk’ and ‘Compliance’ (GRC) are among the basic and strongest pillars that work together for the purpose of assuring organizations in meeting their objectives through effective utilization of the available people, process and technology. It is challenging task for most enterprises for sustaining Information Security GRC program with the evolving governance needs, changing risk environment and multiple compliance requirements. ISO 27001: 2013 encompasses all the goals of GRC under its Information Security Management System (ISMS) framework through which an effective GRC framework could be established and maintained. In this research paper, researcher have established the relationship between ISO 27001: 2013 and GRC while discussing the standard along with GRC objectives.

Keywords

ISO/IEC 270012013, GRC, ISMS, Risk Management, IT Governance

International Journal of Scientific Research in Network Security and Communication

Significance of ISO/IEC 27001 in the Implementation of Governance, Risk and Compliance

Abstract

Keywords

Products

Company

Account

Support