An Introduction to ISO 27001, ISO 27002....ISO 27008

The ISO 27000 series of standards have been specifically reserved by ISO for information security matters. This of course, aligns with a number of other topics, including ISO 9000 (quality management) and ISO 14000 (environmental management).

As with the above topics, the 27000 series will be populated with a range of individual standards and documents. A number of these are already well known, and indeed, have been published. Others are scheduled for publication, with final numbering and publication details yet to be determined.

The following matrix reflects the current known position for the major operational standards in the series:

ISO 27001
This is the specification for an information security management system (an ISMS) which replaced the old BS7799-2 standard
ISO 27002
This is the 27000 series standard number of what was originally the ISO 17799 standard (which itself was formerly known as BS7799-1)..
ISO 27003
This will be the official number of a new standard intended to offer guidance for the implementation of an ISMS (IS Management System) . 
ISO 27004
This standard covers information security system management measurement and metrics, including suggested ISO27002 aligned controls..
ISO 27005
This is the methodology independent ISO standard for information security risk management..
ISO 27006
This standard provides guidelines for the accreditation of organizations offering ISMS certification.



시간날때 한번 차근차근 살펴 봐야겠습니다.  뭐 보안에 대한 공부는 해도해도 끝이 없나 봅니다. 너무 욕심이 많은 걸까요?
아니면 해야 되니까 하는걸까요?  아마도 해야 되니까 하는게 맞는 듯 싶네요.. 그만큼 기술에 발전에 맞추어 제도운영의 변화와  정보보호에 대한 관리체계도 변화되면서 적응을 해야 한다는 소리이겠지요..

신고
Posted by 엔시스
TAG