I am a PhD researcher and I am looking for useful security concepts for my research. I want to see which ISO framework do you think can be useful as a basis for finding useful security concepts. My research is to provide a framework that helps organizations identify security concepts at the governance and management levels. I am hesitating between ISO 27000 and ISO 27001 and ISO 27014.
I would appreciate your help with this regards!
I’m considering that when you mention “security concepts”, and the listed standards, you mean “information security” concepts.
Considering that, the three standards can be useful to you because together they cover concepts for both governance and management of information security: - ISO 27000 covers the general concepts about information security - ISO 27001 presents concepts related to information security management, i.e., how to identify and treat information security risks, and this standard requires the engagement of management - ISO 27014 covers concepts of Information Security Governance, i.e., on how to evaluate, direct, monitor, and communicate the information security-related activities within the organization