Embedded Files
Governance
ISO/IEC 27001
Description: This is the main standard for information security management systems (ISMS). It provides a framework for organizations to manage and protect their information assets and ensure they are secure.
ISO/IEC 27003
Description: This standard offers guidance on how to implement an ISMS as outlined in ISO/IEC 27001. It provides advice on the process, from starting the project through to monitoring the ISMS after it's been implemented.
ISO/IEC 27005
Description: This standard is focused on information security risk management. It provides guidelines on how organizations can identify, assess, and manage information security risks.
ISO/IEC 27014
Description: This standard deals with the governance of information security. It guides organizations on how to align their information security management with the overall organizational governance.
ISO/IEC 27022
Description: As of my last training cut-off in January 2022, ISO/IEC 27022 isn't a standard that I recognize as part of the ISO/IEC 27000 series. However, the 27000 series is always evolving, so it's possible that this is a new or upcoming standard. You'd need to check the latest publications or the ISO's official website for details on this one.
ISO/IEC 27008
Description: This focuses on guidelines for the assessment of information security controls. This assessment is part of the overall governance and management of the ISMS.
ISO/IEC 27004
Description: This standard is all about metrics and measurement. It provides guidance on the development and use of measures and measurement to assess the effectiveness of an organization's information security management system and controls. This aids governance by helping organizations to measure and report on their security posture.
ISO/IEC 27036
Description: Information Security for Supplier Relationships , pertains to the security aspects of supplier relationships, including the relationships with cloud service providers. Given the increasing reliance on third-party services, supply chains, and external systems, this standard is crucial in ensuring that the security of an organization's assets isn't compromised through its suppliers.The standard is actually a multi-part series, and each part addresses different facets of the supplier relationship from a security perspective.
ISO/IEC 27036-1: Overview and concepts
ISO/IEC 27036-2: Requirements
ISO/IEC 27036-3: Guidelines for information and communication technology supply chain security
ISO/IEC 27036-4: Guidelines for security of cloud services
Identify
ISO/IEC 27005
Description: This standard is focused on information security risk management. It provides guidelines on how organizations can identify, assess, and manage information security risks.
Protect
SO/IEC 27002
Description: It provides best practice recommendations on information security controls for use by those responsible for initiating, implementing, or maintaining information security management systems. It aids governance by helping to define the controls needed under the ISMS.
Detect
ISO/IEC 27007
Description: This offers guidance on auditing the ISMS, providing a systematic and independent approach to assess the establishment, implementation, operation, and maintenance of the ISMS.
Respond
ISO/IEC 27035 (in parts)
Description: This standard is dedicated to information security incident management. It provides a structured and planned approach to detect, report, assess, respond to, deal with, and learn from information security incidents.
ISO/IEC 27035-1: The main body that introduces the concepts of information security incident management.
ISO/IEC 27035-2: Provides guidelines to plan and prepare for incident response.
ISO/IEC 27035-3: Provides guidance on the acquisition, development, testing, and implementation of an incident response.
Recover
see ISO 27002 relevant controls
Google Sites
Report abuse