ISO Standards
ISO/IEC 38500
- Corporate governance of information technology
- framework for effective governance of IT
- helps managers to understand and fulfil their legal and ethical obligations regarding use of IT
- applies to all organizations (public, private, government bodies, not-for-profit)
- guiding principles for managers on the effective, efficient, and acceptable use of IT
- organized into three prime sections:
- Scope
- Framework
- Guidance
ISO 27001
- series of standards reserved for information security
- aligns with ISO 9000 (quality management) and ISO 14000 (environmental management)
- ISO 27001
- Information technology — Security techniques — Information security management systems (ISMS) — Requirements
- ISO 27002
- "established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization"
- ISO 27003
- guidance for the implementation of ISMS
- ISO 27004
- Information Security System Management measurement and metrics
- ISO 27005
- methodology-independent standard for information security risk management
- ISO 27006
- guidelines for the accreditation of organizations offering ISMS certification