ISMS Is Not Equal to Real Security!

Is having an information security management system equal to actual security? 

Nope! Having an information security management system is not an indication of the quality of security controls. Management systems are an easier way to administer things in a standard and systematic manner, but they are not necessarily an indication of security control effectiveness.

As an example, ISO 27001, one of the most popular information security management systems to date, has no effect on the quality of your controls, as there is no judgement on the implementation quality, effectiveness and type of security controls. It is just a judgement of logic.

This is no surprise, though, when compared with any other management system, such as the famous ISO 9001 quality standard, where you can find thousands of firms holding that certification with the lowest quality of products. You will find the same number of firms holding tightly to their ISO 27001 certification as an indication of “presence of quality security” that are literally in the lowest bracket of information security effectiveness in practice.

Let’s say one has a system to fully manage firewalls within an enterprise, and all the rules are justified, reviewed and approved by the head of the technology department (FYI, you could barely find such a well-managed system, but still, let’s pretend it’s not a big deal). Does that mean the firewall rules are technically secure and configured in a way that addresses the organization’s concerns?!

However, an information security management system, whether globally recognized like ISO 27001 or organically created internally by your organization, could be the best tool to approach your security program; it is all about execution and understanding of information security elements ‘particularly in regard to your business’.

By Kaveh Mofidi

I find simple solutions for complex problems. While I enjoy working with information security and computers, our challenges extend far beyond securing data. The real task is to discover solutions for unlimited clean energy, drinkable water, and addressing the root causes of hunger, war, and injustice. Our primary goal should be to keep our planet livable; that is the true challenge we face on Earth!