Relevant ISO standards for information security
Answer: You can consider the following standards of the ISO 27001 family as the basis for the generic approach to information security:
ISO/IEC 27001 — Information technology - Security Techniques — Information security management systems — Requirements.
ISO/IEC 27002 — Code of practice for information security controls
ISO/IEC 27004 — Information security management — Monitoring, measurement, analysis and evaluation
ISO/IEC 27005 — Information security risk management
However, the ISO 27000 family also has additional standards that specific industries should consider critical to properly protect information, such as:
ISO/IEC 27017 — Code of practice for information security controls based on ISO/IEC 27002 for cloud services
ISO/IEC 27018 — Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
ISO/IEC TR 27019 — Information security for process control in the energy industry
ISO/IEC 27031 — Guidelines for information and communication technology readiness for business continuity
ISO/IEC 27032 — Guideline for cybersecurity
So, a more appropriate statement would be: "The ISOs 27001, 27002, 27004 and 27005 can provide the basic foundation for the information security posture of any organisation."
May 05, 2018