ExoLytic, Inc.
ISO 27000 facts
The ISO 27000 series of standards has been specifically reserved by ISO for information security matters. This, of course, aligns with a number of other topics, including ISO 9000 (quality management) and ISO 14000 (environmental management).
As with the above topics, the 27000 series will be populated with a range of individual standards and documents. A number of these are already well known, and indeed, are scheduled for publication. For others, the final numbering and publication details have yet to be determined.
The ISO 27002 standard is the renamed version of the existing ISO 17799 standard, and is a code of practice for information security. It basically outlines hundreds of potential controls and control mechanisms, which may be implemented, in theory, subject to the guidance provided within ISO 27001.
The standard "establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization". The actual controls listed in the standard are intended to address the specific requirements identified via a formal risk assessment. The standard is also intended to provide a guide for the development of "organizational security standards and effective security management practices and to help build confidence in inter-organizational activities".
The basis of the standard was originally a document published by the UK government, which became a standard 'proper' in 1995, when it was re-published by BSI as BS7799. In 2000 it was again re-published, this time by ISO, as ISO 17799. A new version of this appeared in 2005, along with a new publication, ISO 27001. These two documents are intended to be used together, with one complementing the other.
ISO's future plans for this standard are focused largely around the development and publication of industry specific versions (for example: health sector, manufacturing, and so on). Note that this is a lengthy process, so the new standards will take some time to appear.
This is the specification for an information security management system (an ISMS) and replaces the old BS7799-2.
This standard addresses the code of practice for information security (formerly known as BS7799-1).
This standard offers guidance for the implementation of an ISMS.
This standard covers information security management measurement and metrics.
This standard addresses information security risk management.
This standard provides guidelines for the accreditation of organizations offering ISMS certification.
