ISO 27000 series of standards for Information Security

The ISO 27000 series is THE set of standards for Information Security, a must-have reference for people working in the area.

Good overviews and lists are available:

* ISO/IEC 27000 — Information security management systems — Overview and vocabulary [1]
* ISO/IEC 27001 — Information security management systems — Requirements
* ISO/IEC 27002 — Code of practice for information security management
* ISO/IEC 27003 — Information security management system implementation guidance
* ISO/IEC 27004 — Information security management — Measurement
* ISO/IEC 27005 — Information security risk management
* ISO/IEC 27006 — Requirements for bodies providing audit and certification of information security management systems
* ISO/IEC 27011 — Information security management guidelines for telecommunications organizations based on ISO/IEC 27002
* ISO/IEC 27031 — Guidelines for information and communications technology readiness for business continuity
* ISO/IEC 27033-1 — Network security overview and concepts
* ISO/IEC 27035 — Security incident management
* ISO 27799 — Information security management in health using ISO/IEC 27002

* a site called “ISO 27001 security”

They have an interesting toolkit available.

The ISO 27000 series material is produced by SubCommittee 27 (JTC 1/SC27) “IT Security techniques”. A full list of their standards is available here.
