4.2 Series of Standards ISO 2700x
What Is the ISO?
Important ISO Standards for Information Security
Naming conventions for ISO/IEC standards
Example:
- ISO/IEC 27000-1:2018, which means it is a standard with multiple parts and was published or revised in 2018
Short form of name:
- ISO/IEC 27017:2015, for example, would generally be called “ISO 27017”
ISO/IEC 20000-1:2018—Service management
- This standard outlines requirements for running IT services (service management, which includes planning, delivery, service improvement and response to service failures)
- It is quite similar to ISO 27001, but ISO 20000 doesn't completely cover
ISO/IEC 27001:2013—Information security management systems (the most important)
- essential for ISMS
- it focuses on the establishment, implementation, execution, monitoring, inspection, maintenance, and improvement of an ISMS
• understanding requirements for an IT security organization
• defining a guideline and goals for IT security
• cyber security risk management and its integration with the organization’s general business risk
• monitoring and reviewing ISMS performance and effectiveness
• objectively measuring continuous improvement of the ISMS
ISO/IEC 22301:2019—Security and resilience
- The standard for business continuity management (BCM); it establishes requirements for BCM systems in institutions.
ISO/IEC 27002:2013—Information security controls
- ISO 27002 is a supplementary guideline for the management of IT security.
ISO/IEC 27003:2017—Information security management system implementation guidance
- ISO 27003 provides guidance on the implementation of the information security management system (ISMS) as outlined in ISO 27001.
ISO/IEC 27004:2016—Information security management—measurement
- ISO 27004 provides a framework for the measurement of security program effectiveness.
ISO/IEC 27005:2018—Information security risk management
- ISO 27005 provides a structure for understanding and evaluating risk within an organization.
ISO/IEC 27006:2015—Requirements for bodies providing audit and certification of information security management systems
- ISO 27006 is a standard for those entities that intend to provide audit or certification services against the ISO 27001 standards.
ISO/IEC 27007:2020—Guidelines for information security management systems auditing
- ISO 27007 provides information to assist in the audit of an ISMS.
ISO/IEC 27017:2015—Information security controls based on ISO/IEC 27002 for cloud services
- This cloud security standard expands the operational and implementation guidance found in ISO/IEC 27002.
ISO/IEC 27018:2019—Protection of personally identifiable information (PII) in public clouds acting as PII processors
- ISO 27018 is a standard with specific scope—it deals with the processing of personally identifiable information (PII) by public cloud service providers.
ISO/IEC 27033—Security techniques—network security
- The ISO 27033 series provides guidance on the secure procurement, maintenance, and operation of networks.
ISO/IEC 27039:2015—Selection, deployment and operations of intrusion detection and prevention systems (IDPS)
- Both IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) are systems that ensure the organization is alerted to behaviors that indicate an intruder in the network or on hosts