ISO/IEC 27000 – Information Security Risk Management Standards for Companies of All Sizes


The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), working through their joint technical committee JTC 1/SC 27, publish a family of information security standards known as the ISO/IEC 27000 series. The series addresses more than privacy and technical security controls: it describes how an organization should govern information security risk as a whole, which is why organizations of every size and sector use it as a reference and, in the case of ISO/IEC 27001, seek formal certification against it.

Like the ISO 9000 series for quality management and the ISO 14000 series for environmental management, the ISO/IEC 27000 series is a family of management-system standards. Its subject is the management of information security, meaning information in any form and the people and processes that handle it, not only the technical security of IT systems. The series encourages organizations implementing it to:

Major Published Standards

The ISO/IEC 27000 series contains many published standards; ten of the most widely used are listed here –

  1. ISO/IEC 27000 – An overview of the series together with the vocabulary and definitions used across the other standards.
  2. ISO/IEC 27001 – The requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). This is the only standard in the series against which an organization can be certified.
  3. ISO/IEC 27002 – A code of practice describing information security controls and guidance on implementing them; it supports the controls referenced by ISO/IEC 27001.
  4. ISO/IEC 27003 – Guidance on implementing an information security management system that meets ISO/IEC 27001.
  5. ISO/IEC 27004 – Since metrics are necessary to show that risk is actually being managed, this standard covers monitoring, measurement, analysis and evaluation of information security management.
  6. ISO/IEC 27005 – Guidance on information security risk management, from risk assessment through treatment, acceptance and review.
  7. ISO/IEC 27006 – Requirements for bodies that provide audit and certification of information security management systems; organizations seeking certification should know what their certification body is held to.
  8. ISO/IEC 27011 – Information security controls for telecommunications organizations, based on ISO/IEC 27002 and meant to be applied alongside it.
  9. ISO/IEC 27033-1 – Because the network is usually a source of many risks, this standard provides an overview of network security and its concepts.
  10. ISO 27799 – Guidance for organizations in the health sector on applying the controls of ISO/IEC 27002 to personal health information.

Standards to be Published

To keep the best practices of the ISO/IEC 27000 series current with today's information security risks, further standards in the series are under development. Some of the standards organizations should expect are:

Related standards exist elsewhere, for example BS 7799, the British Standard from which ISO/IEC 27001 and ISO/IEC 27002 were derived, so organizations should consider which set of best practices they need to implement and, if they require a certificate recognized internationally, align with ISO/IEC 27001.


Copyright 2022 All Rights Reserved.