Jump to content

ISO/IEC 27000

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by NoticeBored (talk | contribs) at 05:06, 2 December 2016 (Updated in 2016). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

ISO/IEC 27000 is part of a growing family of ISO/IEC Information Security Management Systems (ISMS) standards, the 'ISO/IEC 27000 series'. ISO/IEC 27000 is an international standard entitled: Information technology — Security techniques — Information security management systems — Overview and vocabulary.

The standard was developed by sub-committee 27 (SC27) of the first Joint Technical Committee (JTC1) of the International Organization for Standardization and the International Electrotechnical Commission.[1]

ISO/IEC 27000 provides:

ISO/IEC 27000 is available via the ITTF website.[2] (free download)

Overview and introduction

The standard explains the purpose of an Information Security Management System (ISMS), a management system similar to those recommended by other ISO standards such as ISO 9000 and ISO 14000, used to manage information security risks and controls within an organization. Bringing information security deliberately under overt management control is a central principle throughout the ISO/IEC 27000 standards.

Glossary

Information security, like many technical subjects, is envolving a complex web of terminology. Relatively few authors take the trouble to define precisely what they mean, an approach which is unacceptable in the standards arena as it potentially leads to confusion and devalues formal assessment and certification. As with ISO 9000 and ISO 14000, the base '000' standard is intended to address this.

The target audience is users of the remaining ISO/IEC 27000-series information security management standards.

See also

References

  1. ^ ISO/IEC 27000:2016
  2. ^ "Publicly Available Standards". Retrieved 2014-11-05.