Citation

ISO/IEC 27001:2005: Information Security Management Systems — Requirements (Summary).

Overview

ISO/IEC 27001:2005 is "an auditable international standard that specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within the context of the organization's overall business risks. It uses a process approach for protection of critical information."[1]

It "is an advisory standard that is meant to be interpreted and applied to all types and sizes of organization according to the particular information security risks they face. In practice, this flexibility gives users a lot of latitude to adopt the detailed information security controls that make sense to them, but can make compliance testing more complex than some other formal certification schemes."[2]

References

  1. Guidelines for Smart Grid Cyber Security, Vol. 3, at I-7.
  2. Cloud Security Standards: What to Expect & What to Negotiate, at 8.
