ISO/IEC 27000-series

The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27k' for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

The series provides best practice recommendations on information security management, risks and controls within the context of an overall Information Security Management System (ISMS), similar in design to management systems for quality assurance (the ISO 9000 series) and environmental protection (the ISO 14000 series).

The series is a deliberately broad in scope, covering more than just privacy, confidentiality and IT or technical security issues. It is applicable to organizations of all shapes and sizes. All organizations are encouraged to assess their information security risks, then implement appropriate information security controls according to their needs, using the guidance and suggestions where relevant. Given the dynamic nature of information security, the ISMS concept incorporates continuous feedback and improvement activities, summarized by Deming's "plan-do-check-act" approach, that seek to address changes in the threats, vulnerabilities or impacts of information security incidents.

At present, four of the standards in the series are publicly available while several more are under development.

Published standards

* ISO/IEC 27001 - the certification standard against which organizations' ISMS may be certified (published in 2005)
* ISO/IEC 27002 - the code of practice with good practice advice on ISMS (previously known as ISO 17799 and before that BS 7799 Part 1 (last revised in 2005, and renumbered ISO/IEC 27002:2005 in July 2007).
* ISO/IEC 27005 - designed to assist the satisfactory implementation of information security based on a risk management approach (published in 2008).
* ISO/IEC 27006 - a guide to the certification/registration process (published in 2007).

In preparation

* ISO/IEC 27000 - an introduction and overview for the ISMS Family of Standards, plus a glossary of common terms
* ISO/IEC 27003 - an ISMS implementation guide
* ISO/IEC 27004 - a standard for information security management measurements
* ISO/IEC 27007 - a guideline for ISMS auditing (focusing on the management system)
* ISO/IEC 27008 - a guideline for Information Security Management auditing (focusing on the security controls)
* ISO/IEC 27011 - an ISMS implementation guideline for the telecommunications industry (also known as X.1051)
* ISO/IEC 27031 - a specification for ICT readiness for business continuity
* ISO/IEC 27032 - a guideline for cybersecurity (essentially, 'being a good neighbor' on the Internet)
* ISO/IEC 27033 - IT network security, a multi-part standard currently known as ISO/IEC 18028:2006
* ISO/IEC 27034 - a guideline for application security

External links

* [http://www.standardsdirect.org/iso17799.htm ISO 17799 Source from BSI]
* [http://iso-17799.safemode.org ISO 17799 Wiki]
* [http://17799-news.the-hamster.com The ISO 17799 Newsletter]

See also

*BS 7799, the original British Standard from which ISO/IEC 17799 and then ISO/IEC 27002 was derived
*Standard of Good Practice published by the Information Security Forum


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • ISO/IEC 27000-series — La serie de normas ISO/IEC 27000 son estándares de seguridad publicados por la Organización Internacional para la Estandarización (ISO) y la Comisión Electrotécnica Internacional (IEC). La serie contiene las mejores prácticas recomendadas en… …   Wikipedia Español

  • ISO/IEC 27000 — part of a growing family of ISO/IEC ISMS standards, the ISO/IEC 27000 series is the number reserved for a new international standard, which currently has the provisional title: Information technology Security techniques Information security… …   Wikipedia

  • ISO/IEC 27002 — part of a growing family of ISO/IEC ISMS standards, the ISO/IEC 27000 series is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as… …   Wikipedia

  • ISO/IEC 27001 — ISO/IEC 27001, part of the growing ISO/IEC 27000 series of standards, is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International… …   Wikipedia

  • ISO/IEC 27005 — part of a growing family of ISO/IEC ISMS standards, the ISO/IEC 27000 series is an information security standard being currently developed by the International Organization for Standardization (ISO) and the International Electrotechnical… …   Wikipedia

  • ISO/IEC 27007 — part of a growing family of ISO/IEC ISMS standards, the ISO/IEC 27000 series is an information security standard being currently developed by the International Organization for Standardization (ISO) and the International Electrotechnical… …   Wikipedia

  • ISO/IEC 27003 — part of a growing family of ISO/IEC ISMS standards, the ISO/IEC 27000 series is an information security standard being currently developed by the International Organization for Standardization (ISO) and the International Electrotechnical… …   Wikipedia

  • ISO/IEC 27004 — part of a growing family of ISO/IEC ISMS standards, the ISO/IEC 27000 series is an information security standard being currently developed by the International Organization for Standardization (ISO) and the International Electrotechnical… …   Wikipedia

  • ISO/IEC 27006 — part of a growing family of ISO/IEC ISMS standards, the ISO/IEC 27000 series is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its… …   Wikipedia

  • ISO/IEC 8859-11 — ISO/IEC 8859 11:2001, Information technology 8 bit single byte coded graphic character sets Part 11: Latin/Thai alphabet, is part of the ISO/IEC 8859 series of ASCII based standard character encodings, first edition published in 2001. It is… …   Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”