Friday, October 3, 2008

ISO 27000 Serie Update!

The ISO/IEC 27000-series numbering (“ISO27k”) has been reserved for a family of information security management standards, similar to the very successful ISO 9000 family of quality assurance standards and derived from a British Standard called BS 7799.
  • The following standards are either already published (shown in red) or works in progress:
    ISO/IEC 27000 - will provide an overview/introduction to the ISO27k standards as a whole plus the specialist vocabulary used in ISO27k. Once approved by the members of ISO/IEC JTC1/SC27, it should be published later this year.
  • ISO/IEC 27001:2005 is the Information Security Management System requirements standard (specification) against which over 4,700 organizations have been certified compliant.
  • ISO/IEC 27002:2005 is the code of practice for information security management describing a comprehensive set of information security control objectives and a set of generally accepted good practice security controls.
  • ISO/IEC 27003 will provide implementation guidance for ISO/IEC 27001.
  • ISO/IEC 27004 will be an information security management measurement standard to help improve the effectiveness of your ISMS.
  • ISO/IEC 27005:2008 is a new information security risk management standard released in June 2008.
  • ISO/IEC 27006:2007 is a guide to the certification or registration process for accredited ISMS certification or registration bodies.
  • ISO/IEC 27007 will be a guideline for auditing Information Security Management Systems.
  • ISO/IEC TR 27008 will provide guidance on auditing information security controls.
  • ISO/IEC 27010 will provide guidance on sector-to-sector interworking and communications for industry and government, supporting a series of sector-specific ISMS implementation guidelines starting with ISO/IEC 27011.
  • ISO/IEC 27011 will be information security management guidelines for telecommunications (also known as X.1051) and will be released soon.
  • ISO/IEC 27031 will be an ICT-focused standard on business continuity.
  • ISO/IEC 27032 will be guidelines for cybersecurity.
  • ISO/IEC 27033 will replace the multi-part ISO/IEC 18028 standard on IT network security.
  • ISO/IEC 27034 will provide guidelines for application security.
  • ISO 27799, although not strictly part of ISO27k, provides health sector specific ISMS implementation guidance.
  • Other ISO27k is a holding page with preliminary information on more ISO27k standards including sector/industry-specific ISMS implementation guidelines whose scopes and ISO27k numbers have not yet been determined.

The names and content of as-yet unpublished standards may well change prior to their publication, especially the early drafts.


No comments: