International Organization for Standardization (ISO)
The International Organization for Standardization (ISO) is a body created to set standards between nations.
- Est. 1926
- Created more than 21,000 standards covering almost every industry, from technology, to food safety, to agriculture and healthcare
- Develops many standards and frameworks governing the use of computers, networks, and telecommunications
- Publishes a cybersecurity framework commonly referred to as ISO 27k
ISO 27000
The ISO 27000 series covers information security standards.
- Also known as ISO 27k
- Established in 2005
- Revised in 2013 and 2018
- Discusses information security management systems (ISMS)
- Intended to help manage the security of the assets within your organization
- Lays out best practices for managing risk, controls, privacy, technical issues, and other specifics
Key Standards
- ISO/IEC 27000
  - Information security management systems – overview and vocabulary
- ISO/IEC 27001
  - Information technology – security techniques – information security management systems – requirements
  - Covers cybersecurity control objectives
- ISO/IEC 27002
  - Code of practice for information security controls
  - Covers cybersecurity control implementation
- ISO 27701
  - Covers privacy controls
- ISO 31000
  - Covers risk management programs
- ISO 27017/27018
  - Cover cloud security