ISO 27XXX standards Flashcards

ISMS

1
Q

ISO/IEC 27000

A

Information technology — Security techniques — Information security management systems — Overview and vocabulary
Scope: This document provides to organizations and individuals:
a) an overview of the ISMS family of standards;
b) an introduction to information security management systems; and
c) terms and definitions used throughout the ISMS family of standards.
Purpose: This document describes the fundamentals of information security management systems, which form the subject of the ISMS family of standards and defines related terms.

2
Q

ISO/IEC 27001

A

Requirements
Scope: This document specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving formalized information security management systems (ISMS) within the context of the organization’s overall business risks. It specifies requirements for the implementation of information security controls customized to the needs of individual organizations or parts thereof. This document can be used by all organizations, regardless of type, size and nature.
Purpose: ISO/IEC 27001 provides normative requirements for the development and operation of an ISMS, including a set of controls for the control and mitigation of the risks associated with the information assets which the organization seeks to protect by operating its ISMS. Organizations operating an ISMS may have their conformity audited and certified. The control objectives and controls from ISO/IEC 27001:2013, Annex A shall be selected as part of this ISMS process as appropriate to cover the identified requirements. The control objectives and controls listed in ISO/IEC 27001:2013, Table A.1 are directly derived from and aligned with those listed in ISO/IEC 27002:2013, Clauses 5 to 18.

3
Q

ISO/IEC 27006

A

Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems
Scope: This document specifies requirements and provides guidance for bodies providing audit and ISMS certification in accordance with ISO/IEC 27001, in addition to the requirements contained within ISO/IEC 17021. It is primarily intended to support the accreditation of certification bodies providing ISMS certification according to ISO/IEC 27001.
The requirements contained in this document need to be demonstrated in terms of competence and reliability by anybody providing ISMS certification, and the guidance contained in this document provides additional interpretation of these requirements for anybody providing ISMS certification.
Purpose: ISO/IEC 27006 supplements ISO/IEC 17021 in providing the requirements by which certification organizations are accredited, thus permitting these organizations to provide compliance certifications consistently against the requirements set forth in ISO/IEC 27001.

4
Q

ISO/IEC 27009

A

Requirements
Scope: This document defines the requirements for the use of ISO/IEC 27001 in any specific sector (field, application area or market sector). It explains how to include requirements additional to those in ISO/IEC 27001, how to refine any of the ISO/IEC 27001 requirements, and how to include controls or control sets in addition to ISO/IEC 27001:2013, Annex A.
Purpose: ISO/IEC 27009 ensures that additional or refined requirements are not in conflict with the requirements in ISO/IEC 27001.

5
Q

ISO/IEC 27002

A

Information technology — Security techniques — Code of practice for information security controls
Scope: This document provides a list of commonly accepted control objectives and best practice controls to be used as implementation guidance when selecting and implementing controls for achieving information security.
Purpose: ISO/IEC 27002 provides guidance on the implementation of information security controls. Specifically, Clauses 5 to 18 provide specific implementation advice and guidance on best practice in support of the controls specified in ISO/IEC 27001:2013, A.5 to A.18.

6
Q

ISO/IEC 27003

A

Information technology — Security techniques — Information security management — Guidance
Scope: This document provides explanation and guidance on ISO/IEC 27001:2013.
Purpose: ISO/IEC 27003 provides a background to the successful implementation of the ISMS in accordance with ISO/IEC 27001.

7
Q

ISO/IEC 27004

A

measurement, analysis and evaluation
Scope: This document provides guidelines intended to assist organizations to evaluate the information security performance and the effectiveness of the ISMS in order to fulfil the requirements of ISO/IEC 27001:2013, 9.1. It addresses:
a) the monitoring and measurement of information security performance;
b) the monitoring and measurement of the effectiveness of an information security management system (ISMS) including its processes and controls;
c) the analysing and the evaluating of the results of monitoring and measurement.
Purpose: ISO/IEC 27004 provides a framework allowing an assessment of ISMS effectiveness to be measured and evaluated in accordance with ISO/IEC 27001.

8
Q

ISO/IEC 27005

A

Information technology — Security techniques — Information security risk management
Scope: This document provides guidelines for information security risk management. The approach described within this document supports the general concepts specified in ISO/IEC 27001.
Purpose: ISO/IEC 27005 provides guidance on implementing a process-oriented risk management approach to assist in satisfactorily implementing and fulfilling the information security risk management requirements of ISO/IEC 27001.

9
Q

ISO/IEC 27007

A

Information technology — Security techniques — Guidelines for information security management systems auditing
Scope: This document provides guidance on conducting ISMS audits, as well as guidance on the competence of information security management system auditors, in addition to the guidance contained in ISO 19011, which is applicable to management systems in general.
Purpose: ISO/IEC 27007 will provide guidance to organizations needing to conduct internal or external audits of an ISMS or to manage an ISMS audit programme against the requirements specified in ISO/IEC 27001.

10
Q

ISO/IEC TR 27008

A

Information technology — Security techniques — Guidelines for auditors on information security controls
Scope: This document provides guidance on reviewing the implementation and operation of controls, including technical compliance checking of information system controls, in compliance with an organization’s established information security standards.
Purpose: This document provides a focus on reviews of information security controls, including checking of technical compliance, against an information security implementation standard, which is established by the organization. It does not intend to provide any specific guidance on compliance checking regarding measurement, risk assessment or audit of an ISMS as specified in ISO/IEC 27004, ISO/IEC 27005 or ISO/IEC 27007, respectively. This document is not intended for management systems audits.

11
Q

ISO/IEC 27013

A

Information technology — Security techniques — Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
Scope: This document provides guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for organizations that are intending to either:
a) implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa;
b) implement both ISO/IEC 27001 and ISO/IEC 20000-1 together;
c) integrate existing management systems based on ISO/IEC 27001 and ISO/IEC 20000-1.
This document focuses exclusively on the integrated implementation of an information security management system (ISMS) as specified in ISO/IEC 27001 and a service management system (SMS) as specified in ISO/IEC 20000-1.
In practice, ISO/IEC 27001 and ISO/IEC 20000-1 can also be integrated with other management system standards, such as ISO 9001 and ISO 14001.
Purpose: To provide organizations with a better understanding of the characteristics, similarities and differences of ISO/IEC 27001 and ISO/IEC 20000-1 to assist in the planning of an integrated management system that conforms to both International Standards.

12
Q

ISO/IEC 27014

A

Information technology — Security techniques — Governance of information security
Scope: This document will provide guidance on principles and processes for the governance of information security, by which organizations can evaluate, direct and monitor the management of information security.
Purpose: Information security has become a key issue for organizations. Not only are there increasing regulatory requirements, but the failure of an organization’s information security measures can also have a direct impact on an organization’s reputation. Therefore, governing bodies, as part of their governance responsibilities, are increasingly required to have oversight of information security to ensure the objectives of the organization are achieved.

13
Q

ISO/IEC TR 27016

A

Information technology — Security techniques — Information security management — Organizational economics
Scope: This document provides a methodology allowing organizations to better understand economically how to more accurately value their identified information assets, value the potential risks to those information assets, appreciate the value that information protection controls deliver to these information assets, and determine the optimum level of resources to be applied in securing these information assets.
Purpose: This document supplements the ISMS family of standards by overlaying an economics perspective in the protection of an organization’s information assets in the context of the wider societal environment in which an organization operates and providing guidance on how to apply organizational economics of information security through the use of models and examples.

14
Q

ISO/IEC 27021

A

Information technology — Security techniques — Information security management — Competence requirements for information security management systems professionals
Scope: This document specifies the requirements of competence for ISMS professionals leading or involved in establishing, implementing, maintaining and continually improving one or more information security management system processes that conform to ISO/IEC 27001:2013.
Purpose: This document is intended for use by:
a) individuals who would like to demonstrate their competence as information security management system (ISMS) professionals, or who wish to understand and accomplish the competence required for working in this area, as well as wishing to broaden their knowledge,
b) organizations seeking potential ISMS professional candidates to define the competence required for positions in ISMS related roles,
c) bodies to develop certification for ISMS professionals which need a body of knowledge (BOK) for examination sources, and
d) organizations for education and training, such as universities and vocational institutions.
