 | This articlerelies excessively onreferences toprimary sources. Please improve this article by addingsecondary or tertiary sources. Find sources: "ISO/IEC 27000" – news ·newspapers ·books ·scholar ·JSTOR(April 2017) (Learn how and when to remove this message) |
ISO/IEC 27000 is one of thestandards in theISO/IEC 27000 series ofinformation security management systems (ISMS)-related standards. The formal title for ISO/IEC 27000 isInformation technology — Security techniques — Information security management systems — Overview and vocabulary.
The standard was developed bysubcommittee 27 (SC27) of the first Joint Technical Committee (JTC1) of theInternational Organization for Standardization (ISO) andInternational Electrotechnical Commission (IEC).[1]
ISO/IEC 27000 provides:
ISO/IEC 27000 is available for free via theITTF website.[2]
The standard describes the purpose of an ISMS, amanagement system similar in concept to those recommended by otherISO standards such asISO 9000 andISO 14000, used to manage information securityrisks andcontrols within anorganization. Bringinginformation security deliberately under overt management control is a central principle throughout the ISO/IEC 27000 series of standards.
The target audience is users of the remaining ISO/IEC 27000-series information security management standards.
Information security, like many technical subjects, is evolving a complex web of terminology. Relatively few authors take the trouble to define precisely what they mean, an approach which is unacceptable in the standards arena as it potentially leads to confusion and devalues formal assessment and certification. As withISO 9000 andISO 14000, the base '000' standard is intended to address this.
 | Thiscomputer security article is astub. You can help Wikipedia byadding missing information. |
 | Thisstandards- ormeasurement-related article is astub. You can help Wikipedia byadding missing information. |
