ISO/IEC 27000:2009(E)
© ISO/IEC 2009 – All rights reserved
0 Introduction
0.1 Overview
International Standards for management systems provide a model to follow in setting up and operating a
management system. This model incorporates the features on which experts in the field have reached a
consensus as being the international state of the art. ISO/IEC JTC 1 SC 27 maintains an expert committee
dedicated to the development of international management systems standards for information security,
otherwise known as the Information Security Management System (ISMS) family of standards.
Through the use of the ISMS family of standards, organizations can develop and implement a framework for
managing the security of their information assets and prepare for an independent assessment of their ISMS
applied to the protection of information, such as financial information, intellectual property, and employee
details, or information entrusted to them by customers or third parties.
0.2 ISMS family of standards
The ISMS family of standards
1)
is intended to assist organizations of all types and sizes to implement and
operate an ISMS. The ISMS family of standards consists of the following International Standards, under the
general title Information technology — Security techniques:
⎯ ISO/IEC 27000:2009, Information security management systems — Overview and vocabulary
⎯ ISO/IEC 27001:2005, Information security management systems — Requirements
⎯ ISO/IEC 27002:2005, Code of practice for information security management
⎯ ISO/IEC 27003, Information security management system implementation guidance
⎯ ISO/IEC 27004, Information security management — Measurement
⎯ ISO/IEC 27005:2008, Information security risk management
⎯ ISO/IEC 27006:2007, Requirements for bodies providing audit and certification of information security
management systems
⎯ ISO/IEC 27007, Guidelines for information security management systems auditing
⎯ ISO/IEC 27011, Information security management guidelines for telecommunications organizations based
on ISO/IEC 27002
NOTE The general title “Information technology — Security techniques” indicates that these standards were prepared
by Joint Technical Committee ISO/IEC JTC 1, Information technology, Subcommittee SC 27, IT Security techniques.
International Standards not under the same general title that are also part of the ISMS family of standards are
as follows:
⎯ ISO 27799:2008, Health informatics — Information security management in health using ISO/IEC 27002
1) Standards identified throughout this subclause with no release year indicated are still under development.
5星 · 超过95%的资源 需积分: 0 25 浏览量
2009-11-16
14:22:45
上传
评论 5
收藏 199KB PDF 举报 
- 1
- 2
- 3
前往页