ISO/IEC INTERNATIONAL STANDARD 27000 Fifth edition 2018-02 Information technology Security techniques Information security management systems Overview and vocabulary Technologies de I'information - Techniques de seécurité - Systemes de management de la sécurité de I'information - Vue d'ensemble et vocabulaire Reference number IEC IS0/IEC 27000:2018(E) S Copyright Intenational Organization for Standardization @IS0/IEC 2018 JACKEY, MA ut license from IHS IS0/IEC 27000:2018(E) COPYRIGHTPROTECTEDDOCUMENT @ IS0/IEC 2018 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either IsO at the address below or Iso's member body in the country of the requester. ISO copyright office CP 40i : Ch. de Blandonnet 8 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +4122 749 09 47 [email protected] www.iso.org Published in Switzerland @ IS0/IEC 2018 - All rights reserved icensee=Nanyang Technological Univ/5926867100, User=JACKEY, MA No reproduction or networking permitted without license from IHS NotforResale,02/23/201805:23:08MST IS0/IEC 27000:2018(E) Contents Page Foreword ..iv Introduction. ... 1 Scope 2 Normative references 3 Terms and definitions 4 Information security management systems .11 4.1 General .11 4.2 What is an ISMS?. .11 4.2.1 Overview and principles ..11 4.2.2 Information. ..12 4.2.3 Information security. ..12 4.2.4 Management. .12 4.2.5 Management system. ..13 4.3 Process approach. ..13 4.4 Why an ISMS is important .13 4.5 Establishing, monitoring, maintaining and improving an ISMs .14 4.5.1 Overview... ..14 4.5.2 Identifying information security requirements ..14 4.5.3 Assessing information security risks ..15 4.5.4 Treating information security risks. ..15 4.5.5 Selecting and implementing controls .15 4.5.6 Monitor, maintain and improve the effectiveness of the ISMS ..16 4.5.7 Continual improvement. .16 4.6 ISMS critical success factors. .17 4.7 Benefits of the ISMS family of standards .17 5 ISMS family of standards. .18 5.1 General information. .18 5.2 Standard describing an overview and terminology: IS0/IEC 27000 (this document) .19 5.3 Standards specifying requirements 19 5.3.1 IS0/IEC 27001 .19 5.3.2 IS0/IEC 27006 20 5.3.3 IS0/IEC 27009 20 5.4 Standards describing general guidelines. 20 5.4.1 IS0/IEC 27002 .20 5.4.2 IS0/IEC 27003 .20 5.4.3 IS0/IEC27004 21 5.4.4 ISO/IEC27005 21 5.4.5 IS0/IEC 27007 21 5.4.6 IS0/IECTR27008 21 5.4.7 ISO/IEC 27013 22 5.4.8 IS0/IEC27014. .22 5.4.9 IS0/IECTR27016 22 5.4.10 ISO/IEC 27021 22 5.5 Standards describing sector-specific guidelines .23 5.5.1 ISO/IEC 27010 .23 5.5.2 IS0/IEC27011 23 5.5.3 ISO/IEC27017 23 5.5.4 IS0/IEC 27018 24 5.5.5 IS0/IEC27019 .24 5.5.6 ISO27799. 25 Bibliography .26 iii JACKEY, MA ithout license from IHS