Bernard Szlachta at 06:38, 25 November 2012

2012-11-25T06:38:30Z

New page

{{Cat|OCEB T200.5.1 - IT Infrastructure}}
{{OCEB Links}}

<slideshow style="nobleprog" headingmark="⌘" incmark="…" scaled="false" font="Trebuchet MS" >
;title: ISO Standards
;author: Bernard Szlachta (NobleProg Ltd)
</slideshow>

== ISO/IEC 38500 ⌘==
* Corporate governance of information technology
* framework for effective governance of IT
* helps managers to understand and fulfil their lega and ethical obligations regarding use of IT
• applies to all organizations (public, private, government bodies, not-for-profit)
* guiding principles for managers on the effective, efficient, and acceptable use of IT
* organized into three prime sections:
** Scope
** Framework
** Guidance

== ISO 27001 ⌘==
* series of standards reserved for information security
* aligns ISO 9000 (quality management) and ISO 14000
(environmental management)

; ISO 27001
: Information technology — Security techniques — Information security management systems (ISMS) — Requirements

; ISO 27002
: "established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization"

; ISO 27003
: guidance for the implementation of ISMS

; ISO 27004
: Information Security System Management measurement and metrics"

; ISO 27005
: methodology independent standard for information security risk management

; ISO 27006
: guidelines for the accreditation of organizations offering ISMS certification

ISO Standards - Revision history

Bernard Szlachta at 06:38, 25 November 2012