In theory when you implement these standards your organization should have improved efficiency and security because every procedure was carefully created to work in perfect harmony with all other procedures. So all your departments will be able to work together, and as all procedures are followed the overall security of your network will improve.
In the real world the main advantage is that it is a requirement for working with certain organization. The main problems are that either your procedure are not actually followed by the workers mainly because the procedures become obsolete faster than your procedure creation process can produce them. Also it generates tons and tons of reporting on stuff.
In theory I am all for implementing it, but so far I haven't found a good working implementation of it, in which the workers really see the benefit.
Coming back to your question, it is important to know about it because it will be something you will come across sooner or later. Either as a consultant or as a manger.
Your can also sell it for hundreds of thousands of dollars. It is almost a whole business branch.
1. You may be working for a company which is entering into a contract that involves sharing or managing data. The parties may decide to say that they will conform to the ISO 27000 standard as a shorthand way of specifying all the security requirements.
2. Your employer is likely to be subject to information security audits, either internal or external. Auditors often use 27000 as a way to structure their audits, so it will help you to be familiar with it.
3. If you work for a computer services company, you may want to certify your organisation against these standards, as a way to improve your competitive standing.
4. Even if you don't wish to pursue certification, organisations have legal obligations to protect confidential information, and in practice this often translates into being able to demonstrate that you follow accepted standards of good practice. 27000 is an important source of such standards.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum