Английская Википедия:ISO/IEC 27000

Материал из Онлайн справочника
Версия от 13:53, 24 марта 2024; EducationBot (обсуждение | вклад) (Новая страница: «{{Английская Википедия/Панель перехода}} {{about|the individual 27000 standard|the larger series of standards|ISO/IEC 27000-series}} {{Short description|Information security management systems standards}} {{2p|date=April 2017}}{{Use British (Oxford) English|date=January 2012}} '''ISO/IEC 27000''' is one of the ISO/IEC technical...»)
(разн.) ← Предыдущая версия | Текущая версия (разн.) | Следующая версия → (разн.)
Перейти к навигацииПерейти к поиску

Шаблон:About Шаблон:Short description Шаблон:2pШаблон:Use British (Oxford) English ISO/IEC 27000 is one of the ISO/IEC technical standards in the ISO/IEC 27000 series of Information Security Management Systems (ISMS)-related standards. The formal title for ISO/IEC 27000 is Information technology — Security techniques — Information security management systems — Overview and vocabulary.

The standard was developed by subcommittee 27 (SC27) of the first Joint Technical Committee (JTC1) of the ISO and IEC.[1]

ISO/IEC 27000 provides:

  • An overview of, and introduction to, the entire ISO/IEC 27000 series.
  • A formally-defined glossary or vocabulary of the specialist terms used throughout the ISO/IEC 27000 series.

ISO/IEC 27000 is available for free via the ITTF website.[2]

Overview and introduction

The standard describes the purpose of an Information Security Management System (ISMS), a management system similar in concept to those recommended by other ISO standards such as ISO 9000 and ISO 14000, used to manage information security risks and controls within an organization. Bringing information security deliberately under overt management control is a central principle throughout the ISO/IEC 27000 standards.

Glossary

Information security, like many technical subjects, is evolving a complex web of terminology. Relatively few authors take the trouble to define precisely what they mean, an approach which is unacceptable in the standards arena as it potentially leads to confusion and devalues formal assessment and certification. As with ISO 9000 and ISO 14000, the base '000' standard is intended to address this.

The target audience is users of the remaining ISO/IEC 27000-series information security management standards.

See also

References

Шаблон:Reflist

Шаблон:ISO standards Шаблон:List of International Electrotechnical Commission standards


Шаблон:Standard-stub

  1. ISO/IEC 27000:2016
  2. Шаблон:Cite web