ISO/IEC 2700x

CFN People have practical experience with implementing standards from the ISO/IEC 2700x series. We also have practical experience ensuring compliance between the ITIL® processes and the information security topics, leaving you with processes that are compliant with information security requirements.

ISO/IEC 27000 is the generic name for the series of standards that address information security issues and topics.

The goal of the ISO/IEC 27000 series is to provide information to the parties responsible for implementing information security within an organization. It can be seen as a best practice for developing and maintaining security standards and management practices within an organization, improving the reliability of information security in inter-organizational relationships. The standard stresses the importance of risk management and makes it clear that one does not have to implement every stated guideline, only those that are relevant.

ISO/IEC 2700x is usually implemented subject to one or more of the following business cases:
  • Defining an information security management system and applying best practice in security management based on a systematic approach
  • Identifying critical assets via the business risk assessment
  • Enhancing the knowledge and importance of security-related issues at the management level
  • Defining responsibility and organizational structures for information security
  • Need for a basis for certification of the information security management system
  • Need for contractual relationships

ISO 27001

ISO 27001 is the specification for ISMS (Information Security Management System). It is a security standard against which formal certification is available. It is intended to cover all types of organizations. ISO 27001 began its life as a BSI standard: BS7799-2.

ISO 27002

The ISO 27002 standard is intended to be used in conjunction with ISO 27001. ISO 27001 is a specification for a management system, part of which is the selection of appropriate controls; those controls are broadly described by ISO 27002. Importantly, ISO 27002 is technology independent. It focuses on the management aspects of information security, defining controls in a generic sense so that they are applicable across different applications, platforms, and technologies. ISO 27002 began its life as a code of practice published by the UK government. This evolved into a BSI standard (BS7799), which further evolved into an ISO standard (ISO 17799), later renamed to ISO 27002:2007.

DS 484

DS 484 is a Danish information security standard based on the ISO/IEC 2700x series. It places less weight on establishing an Information Security Management System than the international standard does. Furthermore, it gives the organization an additional opportunity to pick out the security statements that are relevant for that specific organization.