The ISO/IEC 27000 series consists of information security
standards published by the International Standards Organization (ISO) and the
International Electrotechnical Commission (IEC). The series is designed to
provide best practices on information security management based on the risk
assessment and to recommend controls within the context of an organization to
enable it to implement an Information Security Management System (ISMS).
Since technology and business environments are continuously
evolving, the older standards are revised and new standards are developed to
address the evolving business landscape.
At present there are 33 published standards under the umbrella
of the 27001 family. However, ISO/IEC 27001 is the only certifiable standard against
which an organization's Information Security Management System (ISMS) can be
audited and certified by an accreditation body. (ISO/IEC 27001:2005 and ISO/IEC
27002:2005 are not included here, considering they are now obsolete after the
release of new versions.)
All the other standards in the ISO 27000 family are codes of
practice which provide non-mandatory best-practice guidelines, published and
released to support an ISMS based on ISO/IEC 27001.
The other 27000 series standards are not mandatory, and adopting
them is at the sole discretion of the organization.
A list of published standards is available at ISO.
About 33 standards have been released, and many more are in the development phase.