BS ISO/IEC 27000:2009 Information technology. Security techniques. Information security management systems. Overview and vocabulary
About information security management systems (ISMS)
Using the information security management system (ISMS) family of standards, organizations can develop and implement a framework for managing the security of their information assets, and can prepare for an independent assessment of the ISMS they apply to protect that information, whether it is financial information, intellectual property, employee details, or information entrusted to them by customers or third parties.
What is BS ISO/IEC 27000?
BS ISO/IEC 27000 provides an overview of the information security management systems that form the subject of the ISMS family of standards, and defines the terms used throughout that family.
BS ISO/IEC 27000 aims to provide the terms and definitions, and an introduction to the ISMS family of standards that:
- Define requirements for an ISMS and for those certifying such systems
- Provide direct support, detailed guidance and/or interpretation for the overall Plan-Do-Check-Act (PDCA) processes and requirements
- Address sector-specific guidelines for ISMS
- Address conformity assessment for ISMS.
BS ISO/IEC 27000 applies to all types of organization (e.g. commercial enterprises, government agencies, non-profit organizations). It can be used as an aid to understanding the fundamentals, principles and concepts of information security management, and so to improving the protection of an organization's information assets. Organizations implementing an ISMS as part of their risk management strategy will find it particularly relevant.
Today, the creation, processing, storage, transmission, protection and destruction of an organization's information depend on information and communications technology.
As the interconnected global business environment expands, the range of threats and vulnerabilities grows with it, and so does the requirement to protect information.
By following BS ISO/IEC 27000, all types of organization are expected to obtain:
- An overview of the ISMS family of standards
- An introduction to information security management systems (ISMS)
- A brief description of the Plan-Do-Check-Act (PDCA) process
- An understanding of terms and definitions in use throughout the ISMS family of standards.
Contents of BS ISO/IEC 27000 include:
- Scope
- Terms and definitions
- Information security management systems
  - Introduction
  - What is an ISMS?
  - Process approach
  - Why an ISMS is important
  - Establishing, monitoring, maintaining and improving an ISMS
  - ISMS critical success factors
  - Benefits of the ISMS family of standards
- ISMS family of standards
  - General information
  - Standards describing an overview and terminology
  - Standards specifying requirements
  - Standards describing general guidelines
  - Standards describing sector-specific guidelines
- Verbal forms for the expression of provisions
- Categorized terms
- Bibliography