The ISO 27000 standard provides an overview and introduction to the ISO 27000 family, which is a series of international standards focused on information security management systems (ISMS). These standards guide organizations in establishing, implementing, maintaining, and continually improving their ISMS to protect information assets against threats such as unauthorized access, data breaches, and cyberattacks. ISO 27000 explains the fundamental concepts, principles, and terminology of information security, emphasizing the importance of managing risks to confidentiality, integrity, and availability of data. It sets the foundation for other standards in the series, such as ISO 27001 (requirements for ISMS) and ISO 27002 (guidance on security controls), and helps organizations of any size or sector systematically manage sensitive information and comply with legal and regulatory requirements.
Publication's URL
https://www.iso.org/standard/73906.htmlAdditional documents on this topic
- NYDFS Part 500
- ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements
- NIST SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
- ISO/IEC 27003:2017 Information technology — Security techniques — Information security management systems — Guidance
- US Federal Information Security Modernization Act of 2014 (FISMA)