
Expert Advice Community

ISO standards related to ISO 27001

Guest user Created:   Sep 21, 2019 Last commented:   Sep 21, 2019

I work in security and want to focus on ISO 27001. What other ISOs are related to 27001, and to which clause? I've seen a few mentioned now.

Expert
Rhand Leal Sep 21, 2019

There are 52 standards related to ISO 27001. You can recognize them by the prefix ISO/IEC 270xx. They are not related to specific clauses, but to some processes (e.g., risk management, implementation, measurement, etc.), and to controls from Annex A, where they provide detailed implementation guidance (e.g., physical security, cloud security, privacy, etc.).

The best-known and most used are:
- ISO 27002 - It provides general guidance on the implementation of Annex A controls
- ISO 27005 - It provides general guidance on the implementation of information security risk management
- ISO 27017 - It provides specific guidance on the implementation of Annex A controls for cloud environments
- ISO 27018 - It provides specific guidance on the implementation of Annex A controls for privacy on cloud environments
- ISO 27031 - It provides specific guidance on the implementation of Annex A regarding IT disaster recovery
- ISO 27032 - It provides specific guidance on the implementation of Annex A regarding cybersecurity

On the ISO site you can find a complete list of related standards: https://www.iso.org/obp/ui/#search
(filters: standard and ISO/IEC JTC 1/SC 27)

For more information see:
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
- ISO 27001 vs. ISO 27017 – Information security controls for cloud services https://advisera.com/27001academy/blog/2015/11/30/iso-27001-vs-iso-27017-information-security-controls-for-cloud-services/
- ISO 27001 vs. ISO 27018 – Standard for protecting privacy in the cloud https://advisera.com/27001academy/blog/2015/11/16/iso-27001-vs-iso-27018-standard-for-protecting-privacy-in-the-cloud/
- Understanding IT disaster recovery according to ISO 27031 https://advisera.com/27001academy/blog/2015/09/21/understanding-it-disaster-recovery-according-to-iso-27031/
- ISO 27001 vs. ISO 27032 cybersecurity standard https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/

2 - I was keen to understand risk. Does it make sense to just use the ISO risk approach, or a methodology like the FAIR Institute's? I'm lost here on which direction to study.

Answer: ISO 27001 does not prescribe which methodology to use for information security risk management, so you can use the approach that is best for your organization (e.g., FAIR, ISO 27005, ISO 31000, NIST RMF, etc.).

These articles will provide you with a further explanation about risk management:
- How to address opportunities in ISO 27001 risk management using ISO 31000 https://advisera.com/27001academy/blog/2018/04/13/how-to-address-opportunities-in-iso-27001-risk-management-using-iso-31000/
- How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
