ISO 27001:2013

• Provides senior management with an efficient management process
• Provides you with a competitive advantage
• Reduces costs due to incident and threat minimization
• Demonstrated compliance with customer, regulatory and/or other requirements
• Sets out areas of responsibility across the organization
• Communicates a positive message to staff, customers, suppliers and stakeholders
• Integration between business operations and information security
• Alignment of information security with the organization’s objectives
• Puts forward true value through enhancement of marketing opportunities

Technical controls are primarily implemented in information systems, using software, hardware, and firmware components added to the system. E.g. backup, antivirus software, etc.

Organizational controls are implemented by defining rules to be followed, and expected behaviour from users, equipment, software, and systems. E.g. Access Control Policy, BYOD Policy, etc.

Legal controls are implemented by ensuring that rules and expected behaviours follow and enforce the laws, regulations, contracts, and other similar legal instruments that the organization must comply with. E.g. NDA (non-disclosure agreement), SLA (service level agreement), etc.

Physical controls are primarily implemented by using equipment or devices that have a physical interaction with people and objects. E.g. CCTV cameras, alarm systems, locks, etc.

Human resource controls are implemented by providing knowledge, education, skills, or experience to persons to enable them to perform their activities in a secure way. E.g. security awareness training, ISO 27001 internal auditor training, etc.