ISO Standard provides guidance on ISMS.

Press Release Summary:



A new International Standard assists organizations in understanding all aspects of information security management systems (ISMS), which serve as a crucial part of risk management strategies. The standard addresses fundamentals, principles, and concepts of ISMS that protect information assets. ISO/IEC 27000:2009, Information technology - Security techniques - Information security management systems - Overview and vocabulary, applies to all types and sizes of organizations.



Original Press Release:



New International Standard Provides Guidance on Information Security Management Systems



Information security management systems (ISMS) are a crucial part of risk management strategies for many organizations. A new International Standard has been developed to assist organizations in understanding all aspects of these systems, including the fundamentals, principles, and concepts of ISMS that protect their information assets.

ISO/IEC 27000:2009, Information technology - Security techniques - Information security management systems - Overview and vocabulary, is applicable to all types and sizes of organizations, including commercial enterprises, government agencies, and non-profit organizations. This newly developed document supplements the ISO/IEC 27000 family of standards by providing an introduction to information security management and defining related terms.

Information is one of an organization's greatest assets, and in today's expanding international business environment, protecting that information is critical. Information assets are often dependent on technology that facilitates the creation, processing, storage, transmittal, and destruction of that information, and these technologies can be vulnerable to a number of threats if not carefully protected.

"Standardized security techniques are becoming mandatory requirements for e-commerce, health care, telecoms, automotive, and many other application areas in both the commercial and government sectors," said Edward Humphreys, convenor of the working group that developed the standard. "ISO/IEC 27000:2009, together with the entire ISO/IEC 27000 family of standards, aims to assist organizations more effectively achieve an appropriate level of information security."

ISO/IEC 27000:2009, Information technology - Security techniques - Information security management systems - Overview and vocabulary, was developed by the International Organization for Standardization (ISO) and International Electrotechnical Committee (IEC) Joint Technical Committee (JTC) 1, Information technology, Subcommittee SC 27, IT Security techniques.

The U.S. leads JTC 1, with the American National Standards Institute (ANSI) holding the secretariat and Karen Higginbottom acting as chairperson. The InterNational Committee for Information Technology Standards (INCITS) serves as the administrator of the ANSI-accredited U.S. Technical Advisory Group (TAG) to SC 27. INCITS is an ANSI member and accredited standards developer.

For more information on ISO/IEC 27000:2009, see the ISO news item.

All Topics