ISO/IEC 27000
   HOME

TheInfoList



Click Here for Items Related To - ISO/IEC 27000
OR:
ISO/IEC 27000 on:   [Wikipedia]   [Google]   [Amazon]

ISO/IEC 27000 is part of a growing family of ISO/IEC standards - the ' ISO/IEC 27000 series'. ISO/IEC 27000 is an international standard titled: ''Information technology — Security techniques — Information security management systems — Overview and vocabulary''. The standard was developed by subcommittee 27 (SC27) of the first Joint Technical Committee (JTC1) of the
International Organization for Standardization The International Organization for Standardization (ISO ) is an international standard development organization composed of representatives from the national standards organizations of member countries. Membership requirements are given in A ...
and the
International Electrotechnical Commission The International Electrotechnical Commission (IEC; in French: ''Commission électrotechnique internationale'') is an international standards organization that prepares and publishes international standards for all electrical, electronic and ...
. ISO/IEC 27000 provides: * An overview of, and introduction to, the entire ISO/IEC 27000 family of Information Security Management Systems (ISMS)-related standards. * A glossary or vocabulary of the specialist terms used throughout the ISO/IEC 27000 family, formally defined. ISO/IEC 27000 is available via the ITTF website. (gratis download).


Overview and introduction

The standard describes the purpose of an
Information Security Management Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The cor ...
System (ISMS), a management system similar in concept to those recommended by other ISO standards such as
ISO 9000 The ISO 9000 family is a set of five quality management systems (QMS) standards that help organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 90 ...
and
ISO 14000 ISO 14000 is a family of standards related to environmental management that exists to help organizations (a) minimize how their operations (processes, etc.) negatively affect the environment (i.e. cause adverse changes to air, water, or land); (b) ...
, used to manage information security risks and controls within an organization. Bringing information security deliberately under overt management control is a central principle throughout the ISO/IEC 27000 standards.


Glossary

Information security, like many technical subjects, is evolving a complex web of terminology. Relatively few authors take the trouble to define precisely what they mean, an approach which is unacceptable in the standards arena as it potentially leads to confusion and devalues formal assessment and certification. As with
ISO 9000 The ISO 9000 family is a set of five quality management systems (QMS) standards that help organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 90 ...
and
ISO 14000 ISO 14000 is a family of standards related to environmental management that exists to help organizations (a) minimize how their operations (processes, etc.) negatively affect the environment (i.e. cause adverse changes to air, water, or land); (b) ...
, the base '000' standard is intended to address this. The target audience is users of the remaining ISO/IEC 27000-series information security management standards.


See also

*
ISO/IEC 27000-series The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27K' for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechni ...
*
ISO/IEC 27001 ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, ...
* ISO/IEC 27002 (formerly
ISO/IEC 17799 ISO/IEC JTC 1, entitled "Information technology", is a joint technical committee (JTC) of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to develop, maintain and pr ...
) * ISO/IEC JTC 1/SC 27 - IT Security techniques


References

#27000 {{Standard-stub