All information held and processed by an organization is subject to the risks of attack, error and natural disaster, and other vulnerabilities inherent to its use. Information security is considered a valuable “asset” requiring appropriate protection, for example, against the loss of availability, confidentiality and integrity.
The recently revised ISO/IEC 27000:2016, Information technology – Security techniques – Information security management systems – Overview and vocabulary, gives a comprehensive view of the information security management systems covered by the ISMS family of Standards, and defines the related terms.
ISO/IEC 27000 gives a high-level overview of the ISMS family of Standards (ISO/IEC 27001), how they support the implementation of requirements contained in ISO/IEC 27001, Information technology – Security techniques – Information security management systems – Requirements, and how they relate to each other.
The Standard defines the key factors of a successful implementation and the numerous benefits of using the ISMS family of Standards. It provides an understanding of how the ISO/IEC 27001 family fits together through its multi-faceted approach, clarifying the Standards’ scopes, roles, functions and relationship to each other. In addition, ISO/IEC 27000 gathers in one place all the essential terminology used in the ISO/IEC 27001 family.