Friday, May 30, 2008

ISO 27000 Standards

The ISO/IEC 27000-series numbering has been reserved for a family of information security management system (ISMS) standards. It is derived from the successful British Standard BS 7799.

The following ISO27k standards are either already published or still works in progress:
  • ISO/IEC 27000 - To provide an overview of, and introduction to, the ISO27k standards, including a common vocabulary.
  • ISO/IEC 27001:2005 - This is the Information Security Management System (ISMS) requirements standard/specification.
  • ISO/IEC 27002:2005 (formerly known as ISO/IEC 17799) - This is the code of practice for information security management describing a comprehensive set of information security control objectives and a set of generally accepted good practice controls.
  • ISO/IEC 27003 - To provide implementation guidance for ISO/IEC 27001.
  • ISO/IEC 27004 - This is an information security management measurement standard to help improve the effectiveness of ISMS.
  • ISO/IEC 27005 - This is the information security risk management standard supporting the ISO27k standards.
  • ISO/IEC 27006:2007 - This is a guide to the certification or registration process for accredited ISMS certification or registration bodies.
  • ISO/IEC 27007 - This is a guideline for auditing Information Security Management Systems.
  • ISO/IEC 27008 - To provide guidance on auditing information security controls.
  • ISO/IEC 27010 - To provide guidance on sector-to-sector interworking and communications for industry and government, supporting a series of sector-specific ISMS implementation guidelines starting with ISO/IEC 27011.
  • ISO/IEC 27011 - These are information security management guidelines for telecommunications organizations (also published by the ITU-T as X.1051).
  • ISO/IEC 27031 - This is an ICT-focused standard on business continuity.
  • ISO/IEC 27032 - These are the guidelines for cybersecurity.
  • ISO/IEC 27033 - To replace the ISO/IEC 18028 standard on IT network security.
  • ISO/IEC 27034 - To provide guidelines for application security.