ISO/IEC 27000 is part of a growing family of ISO/IEC Information Security Management Systems (ISMS) standards, the 'ISO/IEC 27000 series'. ISO/IEC 27000 is a new international standard entitled: "Information technology - Security techniques - Information security management systems - Overview and vocabulary". The standard is known informally, if incorrectly, as "ISO 27000".
The standard was developed by sub-committee 27 (SC27) of the first Joint Technical Committee (JTC1) of the International Organization for Standardization and the International Electrotechnical Commission.
ISO/IEC 27000 provides:
* An overview of and introduction to the entire ISO/IEC 27000 family of Information Security Management Systems (ISMS) standards; and
* A glossary or vocabulary of fundamental terms and definitions used throughout the ISO/IEC 27000 family. Information security, like many technical subjects, is evolving a complex web of terminology. Relatively few authors take the trouble to define precisely what they mean, an approach which is unacceptable in the standards arena as it potentially leads to confusion and devalues formal assessment and certification. As with ISO 9000 and ISO 14000, the base '000' standard is intended to address this.
Status
Current version: ISO/IEC 27000:2009, published in May and available from ISO/ITTF as a free download
Target audience: Users of the remaining ISO/IEC 27000-series information security management standards
The standard was developed by sub-committee 27 (SC27) of the first Joint Technical Committee (JTC1) of the International Organization for Standardization and the International Electrotechnical Commission.
ISO/IEC 27000 provides:
* An overview of and introduction to the entire ISO/IEC 27000 family of Information Security Management Systems (ISMS) standards; and
* A glossary or vocabulary of fundamental terms and definitions used throughout the ISO/IEC 27000 family. Information security, like many technical subjects, is evolving a complex web of terminology. Relatively few authors take the trouble to define precisely what they mean, an approach which is unacceptable in the standards arena as it potentially leads to confusion and devalues formal assessment and certification. As with ISO 9000 and ISO 14000, the base '000' standard is intended to address this.
Status
Current version: ISO/IEC 27000:2009, published in May and available from ISO/ITTF as a free download
Target audience: Users of the remaining ISO/IEC 27000-series information security management standards
