In the current moment of initiation and expansion of information security management systems (hereinafter ISMS), the main concern is naturally to achieve the construction and establish well the processes that allow to build the cycle of continuous improvement and certify the system.
However, as the years go by, these systems must mature to truly meet the objectives set by the Directorate. One of the great benefits of implementing a management system based on ISO 27001 must be to move from a "security based on sensations" to a "security based on behavioral data" that allows to show and above all, demonstrate that things are being controlled and remain within ranges of acceptable or desired values.
Continue reading Part I in INTECO Information Security Observatory and II
