Audit Information systems & IT Security

Information System audit and IT Security

ISO 27000 - Series

The ISO 27000 series will comprise a full set of information security related standards. ISO-27001, ISO-27002 and ISO-27006 are completed; ISO-27000, ISO-27003, ISO-27004 and ISO-27005 are planned.

Specifically, these are expected to cover the following topics:

ISO 27000 - Information security management systems - Overview and vocabulary (not yet published).

ISO 27001 - Information security management systems - Requirements (This is the revision of BS 7799 Part 2).

ISO 27002 - Code of practice for information security management (Used to be numbered ISO 17799).

ISO 27003 - Will probably comprise Implementation Guidance

ISO 27004 - Is earmarked for Metrics and Measurement

ISO 27005 - Will be dedicated to Risk Management.

ISO 27006 - Requirements for bodies providing audit and certification of information security management systems.

The timeframe for these developments is long term and undefined.

Obtaining ISO-27000

The ISO 27000 series is published by ISO. The standards are not free; they have to be purchased. The ISO-17799 standard can be downloaded as part of the ISO-17799 Toolkit, stand-alone from the ISO17799 Shop, or from ISO.

ISO-27000 Links

The ISO-17799 forum page contains much useful information about the standards.


Auditing Security and IT Systems
Copyright 2006-2008. All Rights Reserved.