ISO/IEC Standards


ISO/IEC 27001
It is the international standard for the establishment, implementation, control, and improvement of the information security management system. It defines the ISMS requirements and tells you how to build a security program.
ISO/IEC 27002
An international standard on the code of practice for information security management. It was developed from BS7799, published in the mid-1990s. The British Standard was adopted by ISO/IEC as ISO/IEC 17799:2000, revised in 2005, and renumbered (but otherwise unchanged) in 2007 to align with the other ISO/IEC 27000-series standards.
ISO/IEC 27003
It is the international standard for the guidelines for ISMS implementation.
ISO/IEC 27004
International standard guidelines on how to measure the security program and its metric framework.
ISO/IEC 27799
Guideline for information security management in health organizations.
ISO/IEC 27005
Guideline for information security risk management. The NIST 800-30 risk methodology is mainly IT and operationally focused, while this methodology deals with IT and the softer security issues (documentation, personnel security, training, etc.).
ISO/IEC 27006
Guidelines for bodies providing audit and certification of information security management systems.
ISO/IEC 27011
Information security management guidelines for telecommunications organizations.
ISO/IEC 27031
Guideline for information & communications technology readiness for business continuity.
ISO/IEC 27033
Guideline for IT network security, a multipart standard based on ISO/IEC 18028:2006. It provides detailed guidance on implementing the network security controls that are introduced in ISO/IEC 27002. It applies to the security of networked devices and the management of their security, network applications/services and users of the network, in addition to security of information being transferred through communications links. It is aimed at network security architects, designers, managers and officers.
ISO/IEC 27013
This standard provides guidance on implementing an integrated information security and IT service management system, based on both ISO/IEC 27001:2005 (ISMS) and ISO/IEC 20000-1:2011 (IT service management specification, derived from ITIL).
ISO/IEC 20000-1:2011
A service management system (SMS) standard. It specifies requirements for the service provider to plan, establish, implement, operate, monitor, review, maintain and improve an SMS. The requirements include the design, transition, delivery and improvement of services to fulfil agreed service requirements.
ISO/IEC 27014
Guideline for information security governance. The standard provides "guidance on concepts and principles for the governance of information security, by which organizations can evaluate, direct, monitor and communicate the information security related activities within the organization" and is "applicable to all types and sizes of organizations".
ISO/IEC 27015
Information security management guidelines for the finance & insurance sector.
ISO/IEC 27032
Guideline for cybersecurity. The standard is about Internet Security.
ISO/IEC 27034
Guideline for application security. This standard provides guidance on specifying, designing/selecting and implementing information security controls through a set of processes integrated throughout an organization's Systems Development Life Cycle/s (SDLC).
ISO/IEC 27035
Guideline for security incident management. The standard lays out a process with 5 key stages: (1) Prepare to deal with incidents; (2) Identify and report information security incidents; (3) Assess incidents and make decisions; (4) Respond to incidents; (5) Learn the lessons.
ISO/IEC 27036
Guideline for security of outsourcing. It is a multi-part standard offering guidance on the evaluation and treatment of information security risks involved in the acquisition of goods and services from suppliers.
ISO/IEC 27037
Guideline for identification, collection and/or acquisition, and presentation of digital evidence. This standard provides guidance on identifying, gathering/collecting/acquiring, handling and protecting/preserving digital forensic evidence, i.e. "digital data that may be of evidential value" for use in court.
ISO/IEC 17799:2005
This standard is the predecessor of ISO/IEC 27002. It establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. It contains best practices of control objectives and controls in the following areas of information security management: security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition, development and maintenance; information security incident management; business continuity management; compliance.
ISO/IEC 27039:2015
Selection, deployment and operation of intrusion detection and prevention systems (IDPS).
ISO/IEC 27040:2015
The standard describes information security risks associated with data storage, and controls to mitigate the risks.
ISO/IEC 27041:2015
Guidance on assuring suitability and adequacy of incident investigative methods.
ISO/IEC 27042:2015
Guidelines for the analysis and interpretation of digital evidence.
ISO/IEC 27043:2015
Incident investigation principles and processes.
ISO/IEC 27044
Guidelines for security information and event management (SIEM).
ISO 31000 - Risk Management
A family of standards relating to risk management which provide principles and generic guidelines on risk management.
ISO 31000:2009 - Risk Management
Provides principles, a framework, and a process for managing risk. It can be used by any organization regardless of its size, activity, or sector.
ISO Guide 73:2009, Risk Management - Vocabulary
Complements ISO 31000 by providing a collection of terms and definitions relating to the management of risk.
ISO/IEC 31010:2009, Risk Management
Focuses on risk assessment concepts, processes, and the selection of risk assessment techniques.