ISO 27000

The First Step To Standard: ISO 27000

CISO News

ISO 27000 is a family of information security management standards. It is also a security management framework that adapts readily to risk in the cyber world.

History of ISO 27000

  • 1995 – The British Standards Institution published BS 7799, which gave rise to the ISO 27000 series.
  • 1999 – Four years later, it was revised and split into a three-part standard series:
  1. BS 7799-1 – Code of practice for information security management.
  2. BS 7799-2 – Information Security Management System.
  3. BS 7799-3 – Guidelines for risk management.
  • 2000 – The standard BS 7799-1 was adopted as the ISO 17799 standard.
  • 2001 – 2005 – The ISO 17799 standard was revised, resulting in a new ISO 17799.
  • 2005 – In the same year, BS 7799-2 was also adopted by ISO and received the 27000 numbering.
  • 2007 – The ISO 17799 standard was renumbered as ISO/IEC 27002, integrating it into the ISO 27000 series.

That is how ISO 27000 evolved. However, the ISO 27000 family did not stop there.

ISO, the International Organization for Standardization, maintains an expert team whose focus is to help organizations implement an appropriate structure for managing assets,

such as the following:

  • Financial information
  • Intellectual property
  • Employee data
  • Customers
  • Third parties

or any other corporate information of value.

The Scope of ISO 27000 Family

The standard is designed to apply to an ISMS, or Information Security Management System, of any type and size.

The ISO 27000 standards are ordered by number as follows:

  • 27001 – ISMS – Requirements
  • 27002 – Code of practice for information security controls (ISC)
  • 27003 – Implementation guide for the ISMS
  • 27004 – Information security management – Measurement, using metrics
  • 27005 – Information security risk management
  • 27006 – Requirements for bodies auditing and certifying an ISMS
  • 27007 – Audit guidelines for an ISMS
  • 27008 – Guidelines for auditors on information security controls (ISC)
  • 27010 – Information security management for inter-sector and inter-organizational communications
  • 27011 – Guidelines for information security management in telecommunications organizations
  • 27013 – Guidelines for integrated implementation
  • 27014 – Governance of information security
  • TR 27015 – Guidelines for the management of information security in financial services
  • TR 27016 – For economy companies

This series forms the basis of an ISMS and comprises the international standards for its creation and operation.

Furthermore, it is the work of experts and is regarded as the standard for information security.

Information Security Management System (ISMS)

The ISMS concentrates on the policies, procedures, guidelines, and resources that protect the organization’s assets. It also brings together a systematic approach to the following:

  • Establishing
  • Implementing
  • Operating
  • Monitoring
  • Revising
  • Improving

Moreover, it is aligned with strategic business goals. Lastly, the concepts of an ISMS are based on the evaluation and acceptance of risk.

Benefits of ISO 27000 Family

With ISO 27000 and an implemented ISMS, the probability and impact of information security incidents are reduced.

The ISO 27000 family also offers the following benefits:

  • Firstly, a more organized method for implementing and operating the ISMS.
  • Secondly, assistance in managing information security.
  • Thirdly, alignment of globally accepted best practices with the specific needs of each business.
  • Lastly, credibility for the organization with its employees and the market.