GB30389122

Information security, cybersecurity and privacy protection. Governance of information security

Last updated: 7 Jan 2025

Development Stage

Pre-draft

Draft

Published

31 Aug 2022

Scope

What is ISO 27014 on the governance of information security about?

ISO 27014 discusses information security, cybersecurity and privacy protection. ISO 27014 provides guidance on concepts, objectives and processes for the governance of information security, by which organizations can evaluate, direct, monitor and communicate the information security-related processes within the organization.

Who is ISO 27014 on the governance of information security for?

ISO 27014 on the governance of information security is useful for:

  • Governing bodies for information security
  • Top management in firms
  • Entities responsible for evaluating, directing and monitoring an information security management system (ISMS) based on ISO 27001
  • Entities responsible for information security management that takes place outside the scope of an ISMS based on ISO 27001, but within the scope of governance

Why should you use ISO 27014 on the governance of information security?

Information security is a key issue for organizations, amplified by rapid advances in attack methodologies and technologies, and corresponding increased regulatory pressures. The failure of an organization’s information security controls can have many adverse impacts on an organization and its interested parties including, but not limited to, the undermining of trust.

ISO 27014 ensures effective implementation of information security and provides assurance that:

  • Directives concerning information security are followed
  • You will receive reliable and relevant reporting about information security-related activities

ISO 27014 assists you in making decisions concerning the strategic objectives for the organization by providing information about information security that can affect these objectives. ISO 27014 also ensures that the information security strategy aligns with the overall objectives of your organization.

© BSI 2022 All rights reserved

Categorisation

Domain: Horizontal

Key Information

Committee: ISO/IEC JTC 1/SC 27
Relevant UK committee: IST/33/1
