Search in Boards

Search the entire site bulletin board

References

Contact Us

Tel. +82 2 6749 0701

AM 9:00 ~ PM 6:00

Saturday,Sunday,Holiday :
Days Off

02.6749.0711
info@igcert.org

Publication_en

IGC 홍보자료 배너
 

Information technology — Security techniques — Information security ma…

Page Information

profile_image
Writer igc인증원
Comment 0Times Lookup 409psc Date Created 23-09-13 12:57

Contents

Information technology — Security techniques — Information security management systems — Overview and vocabulary

Regardless of the type and scale of the organization, it collects, processes, stores, and transmits information. These information, processes, systems, networks, and personnel are recognized as important assets in achieving the organization's objectives. By implementing information security controls, the organization can address the various risks that may affect the functionality of these assets. ISO/IEC 27000:2018 provides a series of ISMS standards, along with related terms and definitions, and introduces information security management systems.

What is ISMS?

ISMS stands for Information Security Management System. It consists of policies, procedures, guidelines, resources, and activities that an organization collectively manages to protect its information assets. To effectively address and manage information risks, it is necessary to conduct prior risk assessments and understand the organization's risk tolerance level. Analyzing the requirements for protecting information assets and applying appropriate controls to ensure the protection of such information helps in successfully implementing ISMS.

What is Information Security?

Information security refers to the protection of information in three key dimensions: confidentiality, availability, and integrity. Information security involves the application and management of appropriate security measures considering a wide range of threats to ensure the ongoing success and continuity of business operations and minimize the impact of information security incidents. Information security is achieved through the selection of identified information assets to be protected, the implementation of a risk management process, and the enforcement of a set of applicable controls that are managed through ISMS. To ensure that specific information security and business objectives are achieved, it is necessary to specify, implement, monitor, review, and improve (when necessary) these controls within the organization.

ISMS< ISMS >

ISMS family of standards

The ISMS standard series consists of ISO/IEC 27001, which describes the requirements for ISMS, ISO/IEC 27009, which provides additional requirements framework for sector-specific implementation, and various guidelines for different aspects of ISMS implementation, including general processes, control-related guidelines, and sector-specific guidelines. ISO/IEC 27000 provides information on the types, scope, and purpose of the ISMS standard series.

ISMS family of standards

Type Requirement Name
Vocabulary standard - Clause 5.2 27000 Information technology — Security techniques — Information security management systems — Overview and vocabulary
Requirement standards - Clause 5.3 27001 Information technology — Security techniques — Information security management systems — Requirements
27006 Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems
27009 Information technology — Security techniques — Sector-specific application of ISO/IEC 27001 — Requirements
Guidelines standards - Clause 5.4 27002 Information technology — Security techniques — Code of practice for information security controls
27003 Information technology — Security techniques — Information security management — Guidance
27004 Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation
27005 Information technology — Security techniques — Information security risk management
27007 Information technology — Security techniques — Guidelines for information security management systems auditing
27013 Information technology — Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
27014 Information technology — Security techniques — Governance of information security
27021 Information technology — Security techniques — Information security management — Competence requirements for information security management systems professionals
TR 27008 Information technology — Security techniques — Guidelines for auditors on information security controls
TR 27016 Information technology — Security techniques — Information security management — Organizational economics
Sector-specific guidelines standards - Clause 5.5 27010 Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications
27011 Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for telecommunications organizations
27017 Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
27018 Information technology — Security techniques — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
27019 Information technology — Security techniques — Information security controls for the energy utility industry

*Control-speci ic guidelines standards (out of the scope of this document) 2703x, 2704x

Comment list

There are no registered comments.