ISO Standards

From Training Material

Jump to navigation Jump to search

Category:OCEB T200.5.1 - IT Infrastructure

title: ISO Standards
author: Bernard Szlachta (NobleProg Ltd)

ISO/IEC 38500 ⌘

Corporate governance of information technology
framework for effective governance of IT
helps managers to understand and fulfil their lega and ethical obligations regarding use of IT

• applies to all organizations (public, private, government bodies, not-for-profit)

guiding principles for managers on the effective, efficient, and acceptable use of IT
organized into three prime sections:
- Scope
- Framework
- Guidance

ISO 27001 ⌘

series of standards reserved for information security
aligns ISO 9000 (quality management) and ISO 14000

(environmental management)

ISO 27001: Information technology — Security techniques — Information security management systems (ISMS) — Requirements

ISO 27002: "established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization"

ISO 27003: guidance for the implementation of ISMS

ISO 27004: Information Security System Management measurement and metrics"

ISO 27005: methodology independent standard for information security risk management

ISO 27006: guidelines for the accreditation of organizations offering ISMS certification

Retrieved from ‘https://training-course-material.com/index.php?title=ISO_Standards&oldid=8113’

OCEB T200.5.1 - IT Infrastructure