العربية
中国
Français
Deutsch
Ελληνική
हिन्दी
Italiano
日本語
Português
Русский
EspañolISO/IEC 27004
'ISO/IEC 27004' is an information security standard being currently developped by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its current title is ''Information technology -- Security techniques -- Information security management measurements''.
The purpose of ISO/IEC 27004 is to help organizations measure and report the effectiveness of their information security management systems, covering both the security management processes and the controls. Publication is not expected until 2008.
ISO/IEC 27004 is part of a growing family of ISO/IEC ISMS standards, the 'ISO/IEC 27000 series'. The others (most of which are in preparation) include:
★ ISO/IEC 27000 - a standard vocabulary for the ISMS standards (in preparation)
★ ISO/IEC 27001 - the certification standard against which organizations' ISMS may be certified (published in 2005)
★ ISO/IEC 27002 - the code of practice for information security management
★ ISO/IEC 27003 - a new ISMS implementation guide
★ ISO/IEC 27005 - a standard for risk management, potentially related to the current British Standard BS 7799 part 3
★ ISO/IEC 27006 - a guide to the certification/registration process
★ ISO/IEC 27007 - a guideline for auditing information security management systems (in preparation)
★ ISO/IEC 27799 - guidance on implementing ISO/IEC 27002 in the healthcare industry
★ ISO Website
The purpose of ISO/IEC 27004 is to help organizations measure and report the effectiveness of their information security management systems, covering both the security management processes and the controls. Publication is not expected until 2008.
| Contents |
| The ISO/IEC 27000 series |
| External links |
The ISO/IEC 27000 series
ISO/IEC 27004 is part of a growing family of ISO/IEC ISMS standards, the 'ISO/IEC 27000 series'. The others (most of which are in preparation) include:
★ ISO/IEC 27000 - a standard vocabulary for the ISMS standards (in preparation)
★ ISO/IEC 27001 - the certification standard against which organizations' ISMS may be certified (published in 2005)
★ ISO/IEC 27002 - the code of practice for information security management
★ ISO/IEC 27003 - a new ISMS implementation guide
★ ISO/IEC 27005 - a standard for risk management, potentially related to the current British Standard BS 7799 part 3
★ ISO/IEC 27006 - a guide to the certification/registration process
★ ISO/IEC 27007 - a guideline for auditing information security management systems (in preparation)
★ ISO/IEC 27799 - guidance on implementing ISO/IEC 27002 in the healthcare industry
External links
★ ISO Website
This article provided by Wikipedia. To edit the contents of this article, click here for original source.
psst.. try this: add to faves
