ISO 27001 + 2 Review

ISO 27001 and 27002 Review

The ISO (International Organization for Standardization) 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard.

Information security management systems — Requirements = ISO 27001

It is the specification for an ISMS, an Information Security Management System.

The objective of the standard itself is to “provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System.”

It employs the PDCA (Plan-Do-Check-Act) model to structure the processes.

Code of practice for information security management = ISO 27002

The ISO 27002 standard is the renamed ISO 17799 standard, and is a code of practice for information security. It outlines hundreds of potential controls and control mechanisms which may be implemented, in theory, subject to the guidance provided within ISO 27001.

http://www.27000.org/

http://en.wikipedia.org/wiki/ISO/IEC_27001

This entry was posted in IT Security, Week 35.

One Response to ISO 27001 + 2 Review

  1. Love your overview of ISO 27001. Is this something you have implemented or implement for others?
