BS ISO/IEC 27014:2013 Information technology. Security techniques. Governance of information security

Status: Current, Under review. Published: May 2013



What is this standard about?

It provides guidance on the governance of information security. 

Who is this standard for?

Governing bodies in all types and sizes of organization.

Why should you use this standard? 

Information security has become a key issue for organizations. Not only are there increasing regulatory requirements but the failure of an organization’s information security measures can have a direct impact on an organization’s reputation.

Therefore, the governing body, as part of its governance responsibilities, is increasingly required to oversee information security to ensure the objectives of the organization are achieved.

To that end, this standard provides guidance on concepts and principles for the governance of information security, helping organizations evaluate, direct, monitor and communicate information security related activities within the organization. It provides the mandate essential for driving information security initiatives through the organization. 

Furthermore, effective governance of information security ensures that the governing body receives relevant reporting, framed in a business context, about information security-related activities.

This standard will help organizations achieve an agile approach to decision-making about information risks and allow organizations to make pertinent and timely decisions about information security issues in support of the strategic objectives of the organization.

BS ISO/IEC 27014:2013 allows users to:

  • Align information security objectives with business strategy
  • Deliver value to stakeholders and governing bodies
  • Ensure information risk is being adequately addressed
  • Provide visibility on information security status
  • Make efficient and effective investments in information security
  • Achieve compliance with external requirements (legal, regulatory or contractual)

Standard Number: BS ISO/IEC 27014:2013
Title: Information technology. Security techniques. Governance of information security
Status: Current, Under review
Publication Date: 31 May 2013
Normative References (required to achieve compliance to this standard): ISO/IEC 27000:2009
Informative References (provided for information): ISO/IEC 27001:2005, ISO/IEC 27011:2008, ITGI, Information Security Governance framework:2009, ITU-T Recommendation X.1051:2008, ISO/IEC 27005:2011, ISO/IEC 27002:2005, ISO/IEC 38500:2008
International Relationships: ISO/IEC 27014:2013
Draft Superseded By: 12/30209825 DC
Descriptors: Information exchange, Data security, Management, Technical documents, Data processing, Information systems, Classification systems, Computer technology, Computers, Anti-burglar measures, Maintenance, Documents, Records (documents), Data storage protection, Computer networks
Title in French: Technologies de l'information. Techniques de sécurité. Gouvernance de la sécurité de l'information
ISBN: 978 0 580 69147 8
File Size: 1.307 MB

Customers who bought this product also bought

  • BS ISO/IEC 27005:2011
    Information technology. Security techniques. Information security risk management
  • BS ISO/IEC 27032:2012
    Information technology. Security techniques. Guidelines for cybersecurity
  • BS ISO/IEC 27033-3:2010
    Information technology. Security techniques. Network security Reference networking scenarios. Threats, design techniques and control issues
  • BS ISO/IEC 27031:2011
    Information technology. Security techniques. Guidelines for information and communication technology readiness for business continuity