INFORMATION TECHNOLOGY- SECURITY TECHNIQUES - INFORMATION SECURITY MANAGEMENT SYSTEMS - REQUIREMENTS
(ISO/IEC 27001:2005, IDT)
This International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations). This International Standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations or parts thereof.
The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties.
NOTE 1: References to ‘business’ in this International Standard should be interpreted broadly to mean those activities that are core to the purposes for the organization’s existence.
NOTE 2: ISO/IEC 17799 provides implementation guidance that can be used when designing controls.
Withdraw
N/A
PDF
30/12/2015
45
NSC 07 - Information Technology, Communications & Multimedia
