ISO & IEC Flashcards
ISO 9001:2015 Quality management systems
Standard for implementing and maintaining a quality management system.
ISO/IEC 27000:2016 Information technology – Security techniques – Information security management systems – Overview and vocabulary
Provides an overview and common vocabulary for information security management systems (ISMS).
ISO/IEC 27001:2013 Information technology – Security techniques – Information security management systems – Requirements
Specifies the requirements for establishing, implementing, maintaining, and continually improving an ISMS; it is the certifiable standard of the 27000 family.
ISO/IEC 27002:2013 Information technology – Security techniques – Code of practice (CoP) for information security controls
Provides implementation guidance and best practice for the information security controls listed in Annex A of ISO/IEC 27001.
ISO/IEC 27004:2016 Information technology – Security techniques – Information security management – Monitoring, measurement, analysis, and evaluation
Provides guidance on how to measure and assess the effectiveness of an organization’s information security management system.
ISO/IEC 27005:2011 Information technology – Security techniques – Information Security Risk Management
Provides guidelines for establishing and maintaining a systematic approach to risk management in information security.
ISO 31000:2009 Risk management – Principles and guidelines
Provides principles and guidelines for implementing a systematic and integrated approach to risk management in organizations.
ISO/IEC 20000-1:2018 Information technology – Service management – Part 1: Service management system requirements
Specifies the requirements for a service management system (SMS) and aligning IT services with business requirements; it is aligned with ITIL practices but is a separate standard, not ITIL itself.
ISO/IEC 15408 Information technology – Security techniques – Evaluation criteria for IT security (Common Criteria)
Provides a framework for specifying and independently evaluating the security of IT products and systems, with results expressed as Evaluation Assurance Levels (EAL1 to EAL7).
ISO 15489 Information and documentation – Records management
Provides guidance on records management and the retention of records.
ISO 19011:2018 Guidelines for auditing management systems
Provides guidance on auditing management systems of any kind, including information security management systems.
ISO 22301:2012 Societal security – Business continuity management systems – Requirements
Specifies the requirements for implementing a business continuity management system.
ISO/IEC 27031:2011 Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity
Provides guidance on ensuring the readiness of information and communication technology for business continuity.
ISO/IEC 17025 General requirements for the competence of testing and calibration laboratories
Standard for testing and calibration laboratories, including those in the field of digital forensics.
ISO/IEC 27035 Information technology - Security techniques - Information security incident management
Provides guidance on managing information security incidents effectively.