Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Telecommunications-specific security controls and implementation guidance for ISMS
1. Telecommunications Security Framework
ISO/IEC 27011:2016 provides a specialized code of practice for information security controls within the telecommunications sector, tailored from the comprehensive control set of ISO/IEC 27002. The telecommunications industry…

Integrating information security management and IT service management for operational excellence
1. Why Integrate ISO/IEC 27001 and ISO/IEC 20000-1?
ISO/IEC 27013:2015 provides guidance on the integrated implementation of ISO/IEC 27001 (information security management) and ISO/IEC 20000-1 (service management). These two…

Strategic Oversight, Governance Principles, and the Evaluate-Direct-Monitor Cycle for Information Security
ISO/IEC 27014:2020 (with its 2022 revision/amendment) establishes the governance framework for information security. Unlike operational standards such as ISO/IEC 27001 or 27002, which focus on the management and implementation…

Strategic framework for board-level information security governance
1. Governance Framework for Information Security
ISO/IEC 27014:2020 (reaffirmed 2022) establishes a governance framework for information security that bridges the gap between executive leadership and operational security management. Unlike operational security standards that…

Requirements for bodies providing audit and certification of information security management systems
ISO/IEC 27006-1:2024 specifies requirements for bodies providing audit and certification of an Information Security Management System (ISMS) against ISO/IEC 27001. Unlike the guidance standards in the 27000 family…

Guidelines for auditing information security management systems, complementing ISO 19011
ISO/IEC 27007:2020 provides guidelines for auditing an Information Security Management System (ISMS), complementing the general auditing guidance of ISO 19011 with information security-specific considerations. It is written primarily for internal…

Requirements for creating sector-specific ISMS standards that extend ISO/IEC 27001
ISO/IEC 27009:2020 defines the requirements for creating sector-specific standards that add to or refine ISO/IEC 27001 requirements for particular industry sectors. It ensures consistency across all sector-specific ISMS standards by…

A comprehensive guide to secure information sharing across organizational boundaries
1. Understanding Cross-Organizational Information Security
ISO/IEC 27010:2015 extends the ISMS family framework beyond the boundaries of a single organization to enable secure information sharing across sectors and between organizations. In…

Comprehensive guidance for establishing, implementing, maintaining and improving an information security management system
ISO/IEC 27003:2017 provides detailed guidance on establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS) in accordance with ISO/IEC 27001:2013 (now superseded by ISO/IEC…

Guidance for measuring the effectiveness of your information security management system
ISO/IEC 27004:2016 provides guidance on establishing and operating monitoring, measurement, analysis, and evaluation processes for an Information Security Management System (ISMS). It is a critical standard for organizations that…