|
BS7799
BS 7799 was a British standard "Code of Practice for Information Security Management", first published as such by the British Standards Institution (BSI) in February 1995. Read about the origins of BS 7799 here. Subsequently, two further parts to BS 7799 were also published (the first becoming BS 7799 Part 1), by which time BSI had become BSI Group. The original BS 7799 outlined a structured approach to the management of information security but was primarily a description of some 127 information security controls in 10 sections or categories. Each control was designed to address a specified control objective. Some of the controls considered particularly important at the time were identified as 'key controls' indicated with a key icon in the margin. Following pushback from the user and academic communities, however, the 'key control' concept was dropped when BS 7799 was revised in 1998. Users were encouraged to determine their own risks and objectives in order to select whicheve ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO/IEC 27001
ISO/IEC 27001 is an information security standard. It specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Organizations with an ISMS that meet the standard's requirements can choose to have it certified by an accredited certification body following successful completion of an audit. There are also numerous recognized national variants of the standard. It was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, with revisions in 2013 and 2022. Rationale Most organizations have a number of information security controls. However, without an information security management system (ISMS), controls tend to be somewhat disorganized and disjointed, having been implemented often as point solutions to specific situations or simply as a matter of convention. Security controls in operation typ ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO/IEC 27000-series
The ISO/IEC 27000 family (also known as the 'ISMS Family of Standards', 'ISO27K', or 'ISO 27000 series') comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The series provides best practice recommendations on information security management—the management of information risks through information security controls—within the context of an overall information security management system (ISMS), similar in design to management systems for quality assurance (the ISO 9000 series), environmental protection (the ISO 14000 series) and other management systems. The series is deliberately broad in scope, covering more than just privacy, confidentiality and IT security issues. It is applicable to organizations of all shapes and sizes. All organizations are encouraged to assess their information risks, then treat them (typically using information security contro ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
BSI Group
The British Standards Institution (BSI) is the national standards body of the United Kingdom. BSI produces technical standards on a wide range of products and services and also supplies standards certification services for business and personnel. History BSI was founded as the Engineering Standards Committee in London in 1901.Robert C McWilliam. BSI: The first hundred years. 2001. Thanet Press. London It subsequently extended its standardization work and became the British Engineering Standards Association in 1918, adopting the name British Standards Institution in 1931 after receiving a Royal Charter in 1929. In 1998 a revision of the Charter enabled the organization to diversify and acquire other businesses, and the trading name was changed to BSI Group. The Group now operates in 195 countries. The core business remains standards and standards related services, although the majority of the Group's revenue comes from management systems assessment and certification work. I ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
International Organization For Standardization
The International Organization for Standardization (ISO ; ; ) is an independent, non-governmental, international standard development organization composed of representatives from the national standards organizations of member countries. Membership requirements are given in Article 3 of the ISO Statutes. ISO was founded on 23 February 1947, and () it has published over 25,000 international standards covering almost all aspects of technology and manufacturing. It has over 800 technical committees (TCs) and subcommittees (SCs) to take care of standards development. The organization develops and publishes international standards in technical and nontechnical fields, including everything from manufactured products and technology to food safety, transport, IT, agriculture, and healthcare. More specialized topics like electrical and electronic engineering are instead handled by the International Electrotechnical Commission.Editors of Encyclopedia Britannica. 3 June 2021.Inte ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
International Electrotechnical Commission
The International Electrotechnical Commission (IEC; ) is an international standards organization that prepares and publishes international standards for all electrical, electronics, electronic and related technologies. IEC standards cover a vast range of technologies from power generation, transmission and distribution to home appliances and office equipment, semiconductors, fibre optics, batteries, solar energy, nanotechnology, and marine energy, as well as many others. The IEC also manages four global conformity assessment systems that certify whether equipment, system or components conform to its international standards. All electrotechnologies are covered by IEC Standards, including energy production and distribution, electronics, magnetics and electromagnetics, electroacoustics, multimedia, telecommunications and medical technology, as well as associated general disciplines such as terminology and symbols, electromagnetic compatibility, measurement and performance, dependa ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO/IEC 17799
ISO/IEC JTC 1, entitled "Information technology", is a joint technical committee (JTC) of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to develop, maintain and promote standards in the fields of information and communications technology (ICT). JTC 1 has been responsible for many critical IT standards, ranging from the Joint Photographic Experts Group (JPEG) image formats and Moving Picture Experts Group (MPEG) audio and video formats to the C and C++ programming languages. History ISO/IEC JTC 1 was formed in 1987 as a merger between ISO/TC 97 (Information Technology) and IEC/TC 83, with IEC/SC 47B joining later. The intent was to bring together, in a single committee, the IT standardization activities of the two parent organizations in order to avoid duplicative or possibly incompatible standards. At the time of its formation, the mandate of JTC 1 was to develop base standards in information te ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO/IEC 27002
ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled ''Information security, cybersecurity and privacy protection — Information security controls''. The ISO/IEC 27000 family of standards are descended from a corporate security standard donated by Shell to a UK government initiative in the early 1990s. The Shell standard was developed into British Standard BS 7799 in the mid-1990s, and was adopted as ISO/IEC 17799 in 2000. The ISO/IEC standard was revised in 2005, and renumbered ISO/IEC 27002 in 2007 to align with the other ISO/IEC 27000-series standards. It was revised again in 2013 and in 2022. Later in 2015 the ISO/IEC 27017 was created from that standard in order to suggest additional security controls for the cloud which were not completely defined in ISO/IEC 27002. ISO/IEC 27002 provides best practice recommendations on in ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Information Security Management System
Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The core of ISM includes information risk management, a process that involves the assessment of the risks an organization must deal with in the management and protection of assets, as well as the dissemination of the risks to all appropriate stakeholders. This requires proper asset identification and valuation steps, including evaluating the value of confidentiality, integrity, availability, and replacement of assets. As part of information security management, an organization may implement an information security management system and other best practices found in the ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27035 standards on information security. Risk management and mitigation Managing information security in essence means managing and ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
PDCA
PDCA or plan–do–check–act (sometimes called plan–do–check–adjust) is an iterative design and management method used in business for the control and continual improvement of processes and products. It is also known as the Shewhart cycle, or the control circle/cycle. Another version of this PDCA cycle is OPDCA. The added stands for ''observation'' or as some versions say: "Observe the current condition." This emphasis on observation and current condition has currency with the literature on lean manufacturing and the Toyota Production System. The PDCA cycle, with Ishikawa's changes, can be traced back to S. Mizuno of the Tokyo Institute of Technology in 1959. The PDCA cycle is also known as PDSA cycle (where S stands for ''study''). It was an early means of representing the task areas of traditional quality management. The cycle is sometimes referred to as the Shewhart / Deming cycle since it originated with physicist Walter Shewhart at the Bell Telephone Laborator ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO 9000
The ISO 9000 family is a set of international standards for Quality (business), quality management systems. It was developed in March 1987 by International Organization for Standardization. The goal of these standards is to help organizations ensure that they meet customer and other Stakeholder (corporate), stakeholder needs within the statutory and regulatory requirements related to a product or service. The standards were designed to fit into an integrated management system. The ISO refers to the set of standards as a "family", bringing together the standard for quality management systems and a set of "supporting standards", and their presentation as a family facilitates their integrated application within an organisation. ISO 9000 deals with the fundamentals and vocabulary of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. A companion ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO/IEC 27005
ISO/IEC 27005 "Information technology — Security techniques — Information security risk management" is an international standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) providing good practice guidance on managing risks to information. It is a core part of the ISO/IEC 27000-series of standards, commonly known as ISO27k. The standard offers advice on systematically identifying, assessing, evaluating and treating information security risks - processes at the very heart of an ISO27k Information Security Management System (ISMS). It aims to ensure that organizations design, implement, manage, monitor and maintain their information security controls and other arrangements rationally, according to their information security risks. The current fourth edition of ISO/IEC 27005 was published in October 2022. Overview ISO/IEC 27005 does not specify or recommend specific risk management methods in ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Cyber Security Standards
Information security standards (also cyber security standards) are techniques generally outlined in published materials that attempt to protect a user's or organization's cyber environment. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks. The principal objective is to reduce the risks, including preventing or mitigating cyber-attacks. These published materials comprise tools, policies, security concepts, security safeguards, guidelines, risk management approaches, actions, training, best practices, assurance, and technologies. History Cybersecurity standards have existed over several decades as users and providers have collaborated in many domestic and international forums to effect the necessary capabilities, policies, and practices – generally emerging from work at the Stanford Consortium for Research on Informa ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
