ISO/IEC 27001 Standard

From GM-RKB
Jump to navigation Jump to search

An ISO/IEC 27001 Standard is an information security international standard on for information security management system.



References

2022

  • (Wikipedia, 2022) ⇒ https://en.wikipedia.org/wiki/ISO/IEC_27001 Retrieved:2022-7-9.
    • ISO/IEC 27001 is an international standard on how to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005 and then revised in 2013. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. A European update of the standard was published in 2017. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit. The effectiveness of the ISO/IEC 27001 certification process and the overall standard has been addressed in a large-scale study conducted in 2020.

2021

2013

  • https://www.iso.org/standard/54534.html
    • QUOTE: ... ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization. The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature. ...