Welcome To The ISO 27000 Journal
ISO 27000 represents the series of information security related standards published by ISO. Well, in actual fact, this is not entirely true, because at the time of writing this article, only one such standard has actually been published: ISO 27001. However, a number of others are mooted, specifically:
ISO 27002: This is the re-publication of ISO 17799 (formerly BS 7799-1).
ISO 27003: This is intended to be an implementation guide for an information security management system.
ISO 27004: This will focus upon measurement and metrics for information security.
ISO 27005: This will cover risk management.
ISO 27006: This is likely to be a guide to certification.
There is no strict timetable in place for these developments, which are likely to span a number of years. However, the next steps (possibly the 17799 renumbering) are likely to occur during 2007.
A SHORT HISTORY
The standards have largely been driven by the activities of BSI. The original ISO information security standard, ISO 17799, was based upon BS7799-1, which evolved from a document published by the Department of Trade and Industry in the UK. ISO 27001 was also an update of an existing BSI standard, BS7799-2. Finally, it is possible that ISO 27005 will be based on yet another BSI publication, BS7799-3.