ISO 27000 - Starting from Scratch for a Smallish Law Firm
posted in Community by
harrydavidson701l3
I'm beginning a new job at a law firm. Right now, we are small but we have big clients and I think it would add some value to start working towards IT security standards. But I have no idea where to start. For my last job, I walked into an ISO 13485, ISO 9001 certified organization.
Any help is appreciated.
Thanks and best,
supadrai
2 years, 5 months ago
Well, there's a lot of work to do, my friend. Let's first grab a copy of (1) ISO/IEC 27001, which specifies the requirements for information security management systems, and (2) ISO/IEC 27003:2017, which is the guideline for implementing an information security management system in accordance with ISO/IEC 27001 requirements.
Apart from the above mentioned, I would personally suggest that you start by wrapping your head around the very basic idea of information security management:
1. Identify and evaluate risks to the security of information.
2. Identify and employ controls to reduce/mitigate each risk.
3. Monitor, evaluate and improve the effectiveness of the controls used to reduce the risks to your company's security of information.
Please let me know if this begins to answer your question, and I will be available for any additional questions you may have.