|
ISO 27000
ISO/IEC 27000 is part of a growing family of ISO/IEC standards - the ' ISO/IEC 27000 series'. ISO/IEC 27000 is an international standard titled: ''Information technology — Security techniques — Information security management systems — Overview and vocabulary''. The standard was developed by subcommittee 27 (SC27) of the first Joint Technical Committee (JTC1) of the International Organization for Standardization and the International Electrotechnical Commission. ISO/IEC 27000 provides: * An overview of, and introduction to, the entire ISO/IEC 27000 family of Information Security Management Systems (ISMS)-related standards. * A glossary or vocabulary of the specialist terms used throughout the ISO/IEC 27000 family, formally defined. ISO/IEC 27000 is available via the ITTF website. (gratis download). Overview and introduction The standard describes the purpose of an Information Security Management System (ISMS), a management system similar in concept to those recommend ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO/IEC 27000-series
The ISO/IEC 27000-series (also known as the 'ISMS Family of Standards' or 'ISO27K' for short) comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The series provides best practice recommendations on information security management—the management of information risks through information security controls—within the context of an overall Information security management system (ISMS), similar in design to management systems for quality assurance (the ISO 9000 series), environmental protection (the ISO 14000 series) and other management systems. The series is deliberately broad in scope, covering more than just privacy, confidentiality and IT/technical/cybersecurity issues. It is applicable to organizations of all shapes and sizes. All organizations are encouraged to assess their information risks, then treat them (typically using information security contr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO JTC 1/SC 27
ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC JTC 1/SC 27 develops International Standards, Technical Reports, and Technical Specifications within the field of information security. Standardization activity by this subcommittee includes general methods, management system requirements, techniques and guidelines to address information security, cybersecurity and privacy. Drafts of International Standards by ISO/IEC JTC 1 or any of its subcommittees are sent out to participating national standardization bodies for ballot, comments and contributions. Publication as an ISO/IEC International Standard requires approval by a minimum of 75% of the national bodies casting a vote. The international secretariat of ISO/IEC JTC 1/SC 27 is the Deutsches Institut f ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
International Organization For Standardization
The International Organization for Standardization (ISO ) is an international standard development organization composed of representatives from the national standards organizations of member countries. Membership requirements are given in Article 3 of the ISO Statutes. ISO was founded on 23 February 1947, and (as of November 2022) it has published over 24,500 international standards covering almost all aspects of technology and manufacturing. It has 809 Technical committees and sub committees to take care of standards development. The organization develops and publishes standardization in all technical and nontechnical fields other than electrical and electronic engineering, which is handled by the IEC.Editors of Encyclopedia Britannica. 3 June 2021.International Organization for Standardization" ''Encyclopedia Britannica''. Retrieved 2022-04-26. It is headquartered in Geneva, Switzerland, and works in 167 countries . The three official languages of the ISO are English, Fren ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
International Electrotechnical Commission
The International Electrotechnical Commission (IEC; in French: ''Commission électrotechnique internationale'') is an international standards organization that prepares and publishes international standards for all electrical, electronic and related technologies – collectively known as "electrotechnology". IEC standards cover a vast range of technologies from power generation, transmission and distribution to home appliances and office equipment, semiconductors, fibre optics, batteries, solar energy, nanotechnology and marine energy as well as many others. The IEC also manages four global conformity assessment systems that certify whether equipment, system or components conform to its international standards. All electrotechnologies are covered by IEC Standards, including energy production and distribution, electronics, magnetics and electromagnetics, electroacoustics, multimedia, telecommunication and medical technology, as well as associated general disciplines such as t ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Information Technology Task Force
The ISO/IEC Information Technology Task Force (ITTF) is a body jointly formed by ISO and IEC responsible for the planning and coordination of the work of JTC 1. It has several responsibilities described in the JTC 1 Directives clause 4.1 including: * day-to-day planning and coordination of the technical work * supervising the application of rules * advising JTC 1 on points of procedure * administration of ballots * publishing activities, including the printing, distribution and sale of International Standards Publishing activities The ITTF makes a number of International Standards and associated material available for free-of-charge download “for standardization purposes” Some well-known texts so available include: * ISO/IEC 10646 Universal Multiple-Octet Coded Character Set ( UCS) * ISO/IEC 14977 Syntactic metalanguage — Extended BNF * ISO/IEC 19757-2 Regular-grammar-based validation — RELAX NG * ISO/IEC 26300 Open Document Format for Office Applications (OpenDocument) ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Information Security Management
Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The core of ISM includes information risk management, a process that involves the assessment of the risks an organization must deal with in the management and protection of assets, as well as the dissemination of the risks to all appropriate stakeholders. This requires proper asset identification and valuation steps, including evaluating the value of confidentiality, integrity, availability, and replacement of assets. As part of information security management, an organization may implement an information security management system and other best practices found in the ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27035 standards on information security. Risk management and mitigation Managing information security in essence means managing and mitiga ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO 9000
The ISO 9000 family is a set of five quality management systems (QMS) standards that help organizations ensure they meet customer and other stakeholder needs within statutory and regulatory requirements related to a product or service. ISO 9000 deals with the fundamentals of QMS, including the seven quality management principles that underlie the family of standards. ISO 9001 deals with the requirements that organizations wishing to meet the standard must fulfill. ISO 9002 is a model for quality assurance in production and installation. ISO 9003 for quality assurance in final inspection and test. ISO 9004 gives guidance on achieving sustained organizational success. Third-party certification bodies provide independent confirmation that organizations meet the requirements of ISO 9001. Over one million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today. However, the ISO certification process has b ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO 14000
ISO 14000 is a family of standards related to environmental management that exists to help organizations (a) minimize how their operations (processes, etc.) negatively affect the environment (i.e. cause adverse changes to air, water, or land); (b) comply with applicable laws, regulations, and other environmentally oriented requirements; and (c) continually improve in the above. ISO 14000 is similar to ISO 9000 quality management in that both pertain to the process of how a product is produced, rather than to the product itself. As with ISO 9001, certification is performed by third-party organizations rather than being awarded by ISO directly. The ISO 19011 and ISO 17021 audit standards apply when audits are being performed. The requirements of ISO 14001 are an integral part of the European Union's Eco-Management and Audit Scheme (EMAS). EMAS's structure and material are more demanding, mainly concerning performance improvement, legal compliance, and reporting duties. The curr ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO/IEC 27001
ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a large-scale study conducted in 2020. How the standard works Most organizations have a number of information security c ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO/IEC 27002
ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled ''Information security, cybersecurity and privacy protection — Information security controls''. The ISO/IEC 27000-series standards are descended from a corporate security standard donated by Shell to a UK government initiative in the early 1990s. The Shell standard was developed into British Standard BS 7799 in the mid-1990s, and was adopted as ISO/IEC 17799 in 2000. The ISO/IEC standard was revised in 2005, and renumbered ISO/IEC 27002 in 2007 to align with the other ISO/IEC 27000-series standards. It was revised again in 2013 and in 2022. Later in 2015 the ISO/IEC 27017 was created from that standard in order to suggest additional security controls for the cloud which were not completely defined in ISO/IEC 27002. ISO/IEC 27002 provides best practice recommendations on informat ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
ISO/IEC 17799
ISO/IEC JTC 1, entitled "Information technology", is a joint technical committee (JTC) of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to develop, maintain and promote standards in the fields of information and communications technology (ICT). JTC 1 has been responsible for many critical IT standards, ranging from the Joint Photographic Experts Group (JPEG) image formats and Moving Picture Experts Group (MPEG) audio and video formats to the C and C++ programming languages. History ISO/IEC JTC 1 was formed in 1987 as a merger between ISO/TC 97 (Information Technology) and IEC/TC 83, with IEC/SC 47B joining later. The intent was to bring together, in a single committee, the IT standardization activities of the two parent organizations in order to avoid duplicative or possibly incompatible standards. At the time of its formation, the mandate of JTC 1 was to develop base standards in information tec ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
