In a nutshell, it is an ISO standard specifying the requirements for an information security management system (ISMS). It was published in October 2005 and was based heavily upon the British Standard BS 7799-2.
ISO/IEC 27001 is often considered the prime standard of the ISO 27000 family because it is the one against which certification can be sought. Its management-system structure is aligned with other ISO management standards, such as ISO 9001 (quality) and ISO 14001 (environmental management).
The standard is also intended to drive the selection of adequate and proportionate security controls. Hence its relationship with ISO 27002 (formerly ISO/IEC 17799), which defines the individual controls within a code-of-practice framework: 27001 specifies the management system and requires that controls be selected and justified against the organisation's risks, while 27002 provides the catalogue of controls and implementation guidance.
1 comment:
Hi, it's a nice blog.
If you need to find more information about ISO 27001, I recommend the ISO 27001 Guide Blog.