ISO/IEC 27000 glossary standard.

ISO/IEC 2. Information technology — Security techniques — Information security management systems - Overview and vocabulary (fourth edition)

Introduction and scope.

ISO/IEC 27000 “provides an overview of information security management systems” (and hence the ISO2. Information security, like most technical subjects, uses a complex web of terminology that is continually evolving. Several core terms in information security (such as “risk”) have different meanings or interpretations according to the context, the author’s intention and the reader’s preconceptions. Few authors take the trouble to define precisely what they mean but such ambiguity is distinctly unhelpful in the standards arena as it leads to confusion. Apart from anything else, it would be awkward to assess and certify compliance with ISO/IEC 2. The vocabulary in ISO/IEC 2. Even if you happen to disagree with the definitions here, it’s well worth getting familiar with them as some of your professional contacts will implicitly accept the ISO/IEC versions. ISO/IEC 27000 largely supersedes ISO/IEC Guide 2: 1. Standardization and related activities – General vocabulary”, ISO Guide 7. Risk management – Vocabulary – Guidelines for use in standards”, and ISO/IEC 2. Information technology - Vocabulary Part 8: Security”. It also includes definitions taken from a few non-ISO2. ISO standards. Terms that are reproduced unchanged from other ISO standards such as ISO 9. They are not necessarily used in the ISO2. However, as the definitions are gradually updated or superseded, the lexicon is evolving into a reasonably coherent and consistent state across the whole ISO2.

ISMS/ISO27k overview section.

The overview of Information Security Management Systems (ISMSs) introduces information security, risk and security management, and management systems. It is a reasonably clear if rather wordy description of the ISO2. There’s only one diagram, unfortunately, and all that does is group similar types of ISO2.

Status of the standard.

ISO/IEC 27000, first published in 2. The 2016 fourth edition is available as a legitimate FREE download in both English et Francaise. The SC 27 project maintaining ISO/IEC 2. Standing Document (WG1 SD6) on terminology. A minor revision to ISO/IEC 2. Proposed new terms and modified definitions may include: disaster recovery, owner, risk source and traceability. The definition of policy may be dropped since the Oxford English Dictionary definition is adequate (better in fact!), while asset may yet make a triumphant reappearance, perhaps being defined in terms of primary assets (such as information) and supporting assets (such as IT systems) as if that helps ..

Personal comments.

I wish the committee would replace “information security risk” throughout ISO2.