The IT Law Wiki

ISO/IEC 27001:2005



Citation

ISO/IEC 27001:2005: Information Security Management Systems — Requirements (Summary).

Overview

ISO/IEC 27001:2005 is

an auditable international standard that specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within the context of the organization's overall business risks. It uses a process approach for protection of critical information.[1]

It "is an advisory standard that is meant to be interpreted and applied to all types and sizes of organization according to the particular information security risks they face. In practice, this flexibility gives users a lot of latitude to adopt the detailed information security controls that make sense to them, but can make compliance testing more complex than some other formal certification schemes."[2]

References

  1. Guidelines for Smart Grid Cyber Security, Vol. 3, at I-7.
  2. Cloud Security Standards: What to Expect & What to Negotiate, at 8.
