ABSTRACT

An information security management system (ISMS) is an information assurance framework for managing information security: it applies a systematic business risk approach to establish, implement, operate, monitor, review, maintain, and improve information security. It is an organizational approach to information security. ISO/IEC 27001 is an international standard for information security that focuses on an organization’s ISMS. Any information security activity should be planned, implemented, and maintained within this ISMS framework. The ISMS will ensure that the right controls are developed to provide adequate information security and will satisfy all specifications required by users, customers, and partners.