ISO Standards

From Training Material
Revision as of 06:38, 25 November 2012 by Bernard Szlachta (talk | contribs)


Title: ISO Standards
Author: Bernard Szlachta (NobleProg Ltd)

ISO/IEC 38500 ⌘

  • Corporate governance of information technology
  • framework for effective governance of IT
  • helps managers to understand and fulfil their legal and ethical obligations regarding the use of IT
  • applies to all organizations (public, private, government bodies, not-for-profit)
  • guiding principles for managers on the effective, efficient, and acceptable use of IT
  • organized into three prime sections:
    • Scope
    • Framework
    • Guidance

ISO 27001 ⌘

  • belongs to the ISO/IEC 27000 series of standards, which is reserved for information security
  • aligned with the management-system structure of ISO 9000 (quality management) and ISO 14000 (environmental management)

ISO 27001: Information technology — Security techniques — Information security management systems (ISMS) — Requirements
ISO 27002: "establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization"
ISO 27003: guidance for the implementation of an ISMS
ISO 27004: information security management measurement and metrics
ISO 27005: methodology-independent standard for information security risk management
ISO 27006: requirements for bodies providing audit and certification of ISMS; the basis for accrediting organizations offering ISMS certification