Serious threat to business
Today, all information held and processed by an organization is exposed to the risk of attack, as well as to error, natural disaster and other vulnerabilities inherent in its use. Analyst firm Gartner estimated that worldwide information security spending reached USD 75.4 billion in 2015. The global cybersecurity market will grow to an estimated USD 170 billion by 2020, according to a report from MarketsandMarkets.
Managing information assets’ security
Information security focuses on information considered a valuable “asset” requiring appropriate protection, for example, against the loss of availability, confidentiality and integrity.
The family of IEC and ISO International Standards on information security management systems (ISMS) enables organizations to implement a robust framework for managing the security of their information assets, including financial data, intellectual property, employee details, and information otherwise entrusted to them by customers or third parties.
The recently revised ISO/IEC 27000, Information technology – Security techniques – Information security management systems – Overview and vocabulary, provides a comprehensive view of information security management systems covered by the ISMS family of Standards and defines related terms and definitions.
Keeping information secure
For an organization to meet its objectives and strengthen its legal compliance and image, the protection of its information assets is essential. The coordinated activities needed to direct the implementation of suitable controls and mitigate unacceptable information security risks are part of what is known as information security management.
ISO/IEC 27000 gives an overview of the ISMS family of Standards (the ISO/IEC 27001 family), how they support the implementation of ISO/IEC 27001, Information technology – Security techniques – Information security management systems – Requirements, and how they relate to each other.
ISO/IEC 27000 also provides a brief introduction to the information security area and information security management systems, describing how to implement, operate, maintain and improve the ISMS.
It provides an understanding of how the ISO/IEC 27001 family fits together through its multi-faceted approach, clarifying the Standards’ scopes, roles, functions and relationship to each other. In addition, ISO/IEC 27000 gathers in one place all the essential terminology used in the ISO/IEC 27001 family.
ISO/IEC 27000:2016 revises the 2010 edition; it has been updated and extended to align with the revised version of ISO/IEC 27001 and other Standards of the family that are currently under review. It was developed by Subcommittee (SC) 27: IT security techniques, of the Joint Technical Committee ISO/IEC JTC 1: Information technology.