The ISO 27000 Log

Welcome To The ISO 27000 Journal

ISO 27000 represents the series of information security related standards published by ISO. Well, in actual fact, this is not entirely true, because at the time of writing this article, only one such standard has actually been published: ISO 27001. However, a number of others are mooted, specifically:
    ISO 27002: This is the re-publication of ISO 17799 (formerly BS 7799-1).
    ISO 27003: This is intended to be an implementation guide for an information security management system.
    ISO 27004: This will focus upon measurement and metrics for information security.
    ISO 27005: This will cover risk management.
    ISO 27006: This is likely to be a guide to certification.
As with other series of standards, the series number itself, ISO 27000, is likely to define basic concepts and vocabulary.

There is no strict timetable in place for these developments, which are likely to span a number of years. However, the next steps (possibly the renumbering of ISO 17799) are likely to occur during 2007.

The standards have largely been driven by the activities of BSI. The original ISO information security standard, ISO 17799, was based upon BS7799-1, which evolved from a document published by the Department of Trade and Industry in the UK. ISO 27001 was also an update of an existing BSI standard, BS7799-2. Finally, it is possible that ISO 27005 will be based on yet another BSI publication, BS7799-3.



About Us

  • This section of the W3 Journal is intended to define the various frameworks associated with IT Governance. It will be updated periodically, as information becomes available and as new articles are completed. Contributions are welcome, via the contact page linked to above.
