ISO Flashcards
ISO17788
Cloud computing, overview, and vocabulary.
ISO2237
7 part series on physical environment
ISO27000
Overview and glossary (makes sense, since it is the first section and you know ZERO about this yet)
ISO27001
Formal ISMS specification, security governance - how to manage information security; standards to which to certify.
(This is the first real section, high level);
ISMS = Information Security Management System
ISO27002
Infosec controls guideline; Best practice guideline; how to do 27001
Infosec Controls (Think control switch, has 2 positions), GUIDELINES (guide someone, you need to coordinate that requires 2)
ISO27003
ISMS Implementation (think how to 1-2-3 steps)
ISO27004
Infosec measurements [metrics] (think 4 as four quadrants)
ISO27005
Infosec risk management (Poker is risky, you play with 5 cards)
ISO27006
ISMS certification & audit guide (ssssertication - pronounce the 6)
ISO27007
Management system Audit (lucky 7 if you pass the audit)
ISO27009
Information security, cybersecurity, and privacy protection — Sector-specific application of ISO/IEC 27001
ISO27010
Critical infrastructure (“10” is critical)
ISO27011
Telecommunication (11 = antenna)
ISO27014
Guidance on concepts and principles for the governance of information security (make it consistent and standardized, measurable, comprehensive, and modular)
ISO27015
Financial (5 looks like $ dollar)
ISO27017
Security guidelines, control for cloud (based on ISO/IEC 27002)
ISO27018
PII for cloud
ISO27034
Application security
ONF or Organizational Normative Framework
ANF or Application Normative Framework
ISO27036
Supply chain security
ISO27050
Digital forensics, along with 27037, 27041, 27042, 27043
ISO27099
Information Technology — Public key infrastructure — Practices and policy framework
ISO28000
Supply chain (and other 2800*)
ISO31000
Risk management framework
ISO 15408
Common Criteria