LEARN
ISO 27001
CLAUSES WITH
� PROLOGUE
ISO 27001 is an international standard that
specifies requirements for an information
security management system (ISMS) to help
organizations keep their information assets
secure. The standard is divided into several
clauses, and here's an explanation of each
clause with an analogy to the Money Heist web
series.
� 01
SCOPE
This clause defines the applicability of the ISO 27001
standard.
★★★
In Money Heist, the team carries out the ambitious plan to
rob the Royal Mint of Spain. The plan involves entering,
printing money and escaping from the bank.
� 02
NORMATIVE REFERENCES
This clause lists the external standards and guidelines
that are applicable to the ISMS.
★★★
The team uses the external sources like the police
protocols and bank security measures to plan the heist.
� 03
TERMS & DEFINITIONS
This clause provides definitions of the terms used in the
standard.
★★★
The heist team uses the coded language and specific
terms to communicate with each other.
� 04
CONTEXT OF THE ORGANIZATION
This clause requires the organization to consider its
internal & external context when establishing the ISMS.
★★★
The team's first step involves gathering information about
the Royal Mint, its security systems, the potential hostages
& external factors affecting their heist.
� 05
LEADERSHIP
This clause requires the organization's top management to
demonstrate leadership and commitment to the ISMS.
★★★
The Professor demonstrates leadership and commitment to
the heist plan and ensures that the team stays on track with a
clear strategy and vision.
� 06
PLANNING
This clause requires the organization to plan the ISMS
and its processes.
★★★
The team plans every step of the heist from entering to
printing the money to escaping with it.
� 07
SUPPORT
This clause requires the organization to provide resources
and support for the ISMS.
★★★
The team uses their skills, resources, equipment & takes
support from external parties like hackers and helicopters to
execute the heist plan.
� 08
OPERATION
This clause requires the organization to implement and
operate the ISMS processes.
★★★
The team executes according to their pre-defined plans,
implements security measures such as hacking into the
Royal Mint's systems, disguising themselves as
employees to distract the police etc.
� 09
PERFORMANCE EVALUATION
This clause requires the organization to evaluate the
performance of the ISMS and its processes.
★★★
The team evaluates the success of their plan at each
step of the heist and makes adjustments if needed, to
ensure their success.
� 10
IMPROVEMENT
This clause requires the organization to continually
improve the ISMS and its processes.
★★★
The team learns from their mistakes and improves their
plan for future heists.
� DID YOU FIND THIS
HELPFUL?
FOR FREE INFOSEC
CHECKLISTS | WHITEPAPERS
TEMPLATES | VIDEOS
FOLLOW US ON
