Citation
ISO/IEC 27001:2005: Information Security Management Systems — Requirements (Summary).
Overview
ISO/IEC 27001:2005 is
“an auditable international standard that specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within the context of the organization's overall business risks. It uses a process approach for protection of critical information.”[1]
It "is an advisory standard that is meant to be interpreted and applied to all types and sizes of organization according to the particular information security risks they face. In practice, this flexibility gives users a lot of latitude to adopt the detailed information security controls that make sense to them, but can make compliance testing more complex than some other formal certification schemes."[2]
References
- [1] Guidelines for Smart Grid Cyber Security, Vol. 3, at I-7.
- [2] Cloud Security Standards: What to Expect & What to Negotiate, at 8.