ISO/IEC 27001 Standard
An ISO/IEC 27001 Standard is an international information security standard that specifies the requirements for an information security management system (ISMS).
- Context:
- It can be a member of an ISO/IEC 27000 Family.
- …
- Example(s):
- Counter-Example(s):
- See: Information Security Management (ISM), Information Security, International Organization for Standardization, International Electrotechnical Commission.
References
2022
- (Wikipedia, 2022) ⇒ https://en.wikipedia.org/wiki/ISO/IEC_27001 Retrieved: 2022-7-9.
- ISO/IEC 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005 and then revised in 2013. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. A European update of the standard was published in 2017. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a large-scale study conducted in 2020.
2021
- https://www.iso.org/isoiec-27001-information-security.html
- QUOTE: ... ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties. ...
2013
- https://www.iso.org/standard/54534.html
- QUOTE: ... ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature. ...