4.2 Series of Standards ISO 2700x - Coggle Diagram
What Is the ISO?
Naming conventions for ISO/IEC standards
Example:
ISO/IEC 20000-1:2018: the "-1" marks part 1 of a multi-part standard, and ":2018" is the year the standard was published or last revised
Short form of name:
ISO/IEC 27017:2015, for example, is generally referred to simply as "ISO 27017"
Important ISO Standards for Information Security
ISO/IEC 20000-1:2018—Service management
This standard specifies requirements for a service management system: planning, delivering and improving IT services, and responding to service failures.
Its structure is quite similar to ISO 27001, but ISO 20000 does not completely cover information security management; it complements ISO 27001 rather than replacing it.
ISO/IEC 27001:2013—Information security management systems (the most important; a revised edition, ISO/IEC 27001:2022, has since been published)
The essential standard for an ISMS (information security management system)
It covers establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving an ISMS, and is essential for:
• understanding the requirements placed on an IT security organization
• defining an information security policy and objectives
• information security risk management and its integration with the organization's general business risk management
• monitoring and reviewing ISMS performance and effectiveness
• objectively measuring continual improvement of the ISMS
ISO 22301:2019—Security and resilience (an ISO standard, not ISO/IEC)
The standard for business continuity management (BCM); it establishes requirements for business continuity management systems in organizations.
ISO/IEC 27002:2013—Information security controls
ISO 27002 is a supplementary guideline: it provides implementation guidance for the controls listed in Annex A of ISO 27001. Organizations are certified against ISO 27001, not ISO 27002. (Both were revised in 2022.)
ISO/IEC 27003:2017—Information security management system implementation guidance
ISO 27003 provides guidance on implementing an information security management system (ISMS) as specified in ISO 27001.
ISO/IEC 27004:2016—Information security management—measurement
ISO 27004 provides a framework for measuring the effectiveness of the ISMS and its controls (monitoring, measurement, analysis and evaluation).
ISO/IEC 27005:2018—Information security risk management
Provides a structure for identifying, analysing and evaluating information security risk within an organization.
ISO/IEC 27006:2015—Requirements for bodies providing audit and certification of information security management systems
ISO 27006 sets requirements for bodies that provide audit and certification services against ISO 27001.
ISO/IEC 27007:2020—Guidelines for information security management systems auditing
ISO 27007 provides guidance to assist in auditing an ISMS.
ISO/IEC 27017:2015—Information security controls based on ISO/IEC 27002 for cloud services
This cloud security standard extends the implementation guidance in ISO/IEC 27002 with cloud-specific controls, addressed to both cloud service providers and cloud service customers.
ISO/IEC 27018:2019—Protection of personally identifiable information (PII) in public clouds acting as PII processors
ISO 27018 has a specific scope: it deals with the processing of personally identifiable information (PII) by public cloud service providers acting as PII processors.
ISO/IEC 27033—Security techniques—Network security
The ISO 27033 multi-part series provides guidance on the secure procurement, maintenance, and operation of networks.
ISO/IEC 27039:2015—Selection, deployment and operations of intrusion detection and prevention systems (IDPS)
Both an IDS (Intrusion Detection System) and an IPS (Intrusion Prevention System) alert the organization to behaviour that indicates an intruder on the network or hosts; an IPS is additionally deployed inline so that it can block the offending traffic rather than only alert.