ISO27001

ISO/IEC 27001:2005, part of the growing ISO/IEC 27000 family of standards, is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is ISO/IEC 27001:2005 – Information technology – Security techniques – Information security management systems – Requirements. As of July 2013, a new version is in draft: ISO/IEC 27001:2013. ISO 27001:2013 has been available in its release form since 25 September 2013.

ISO/IEC 27001:2005 formally specifies a management system that is intended to bring information security under explicit management control. Being a formal specification means that it mandates specific requirements. Organizations that claim to have adopted ISO/IEC 27001 can therefore be formally audited and certified compliant with the standard (more below).

The standard contains 11 domains (apart from introductory sections):

 * 1) Security policy - management direction
 * 2) Organization of information security - governance of information security
 * 3) Asset management - inventory and classification of information assets
 * 4) Human resources security - security aspects for employees joining, moving and leaving an organization
 * 5) Physical and environmental security - protection of the computer facilities
 * 6) Communications and operations management - management of technical security controls in systems and networks
 * 7) Access control - restriction of access rights to networks, systems, applications, functions and data
 * 8) Information systems acquisition, development and maintenance - building security into applications
 * 9) Information security incident management - anticipating and responding appropriately to information security breaches
 * 10) Business continuity management - protecting, maintaining and recovering business-critical processes and systems
 * 11) Compliance - ensuring conformance with information security policies, standards, laws and regulations

(http://en.wikipedia.org/wiki/ISO/IEC_27001:2005)


Links

http://www.27000.org/index.htm

http://www.iso27001security.com/