Chapter 3. ISO27001 and the Management System Requirements

As with most topics, there are international standards that deal with information security management, and the main one is ISO27001:2005. [5]

[5] Other standards that have been used in referencing information security management over a number of years include BS7799 and ISO17799, but ISO27001 is now the standard for the specification of an information security management system. ISO27002 provides guidance on the implementation of information security.

This standard defines a project approach to aid the design and implementation of an ISMS, and uses the well-recognised Plan—Do—Check—Act model (P-D-C-A) to structure the tasks required to introduce an effective ISMS.

The P-D-C-A cycle can ...
