Wednesday, September 19, 2007

ISO 27000 Standard Groupings

Speculation has recently been rife regarding the future numbering system for the ISO 27000 series of standards. We know as a matter of fact the content areas of ISO 27001 through 27008. We also know about 27011, 27031, 27032, 27033 and 27799.

Although everything else lacks any form of confirmation, there is a logic being frequently quoted which at least gives some credibility to the stories.

The suggestion is that ISO 27010 through ISO 27019 will all cover information security within specific fields and industries. The following have in fact been quoted on a number of Spanish language websites:
  • ISO 27012: Guidelines for Finance
  • ISO 27013: Guidelines for Manufacturing
  • ISO 27015: Accreditation Guidelines
  • ISO 27016: Auditing and Reviews
It is also suggested that ISO 27030 through ISO 27044 will cover the technical areas of information security, such as cyber security, intrusion detection and trusted third party authentication.

Again, there is some supporting evidence for this, but equally, nothing at all in the way of confirmation.

If any reader of this log can clarify any of this, or provide additional information, please comment below.



Saturday, August 18, 2007

ISO 2703n: Latest Developments

A little more has emerged about the developing subset of ISO27k standards, ISO 27031-40. The following reflects the current position as we understand it.

ISO/IEC 27031
Information technology – Security techniques – ICT readiness for business continuity

ISO/IEC 27032
Information technology – Security techniques – Guidelines for Cybersecurity (Suggested)

ISO/IEC 27033
As referenced in previous articles, this is the revision of ISO 18028. It comprises seven distinct parts:

ISO 27033-1
Information technology – Security techniques – Network security – Guidelines for network security

ISO 27033-2
Information technology – Security techniques – Network security – Guidelines for the design and implementation of network

ISO 27033-3
IT network security - Reference networking scenarios - Risks, design, technologies and control issues

ISO 27033-4
IT network security - Security network information with network security gateways - Risks, design techniques and control issues

ISO 27033-5
IT network security - Secure remote access - Risks, design techniques and control issues

ISO 27033-6
IT network security - Securing communications across networks using Virtual Private Networks

ISO 27033-7
IT network security - Guidelines for the design and implementation of network security


ISO/IEC 27034
Information technology – Security techniques – Guidelines for application security


These are at various stages of the publication process, with at least one still at the proposal stage.
