AN INTRODUCTION TO ISO/IEC 27001:2013

Available format(s)

Hardcopy , PDF

Language(s)

English

Published date

01-01-2013

Publisher

British Standards Institution

Foreword
Acknowledgements
Chapter 1 - Information security management systems
Chapter 2 - Management system-specific requirements
Chapter 3 - Information security-specific requirements
Chapter 4 - Implementation guidance
Compendium of definitions
Bibliography

Describes the new requirements and gives fresh insights into understanding management systems in general and ISMSs in particular and provides advice on risk assessment and risk treatment, a clear explanation of the purpose of the 'Statement of Applicability' (SOA) and advice on determining controls in practice.

Committee	ZBIP/2
DocumentType	Standard
Pages	156
PublisherName	British Standards Institution
Status	Current

ISO/IEC 27001:2013	Information technology — Security techniques — Information security management systems — Requirements
ISO/IEC 27003:2017	Information technology — Security techniques — Information security management systems — Guidance
BS EN ISO/IEC 17021:2011	Conformity assessment. Requirements for bodies providing audit and certification of management systems
ISO/IEC 27004:2016	Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation
ISO 31000:2009	Risk management Principles and guidelines
ISO 22301:2012	Societal security Business continuity management systems Requirements
ISO/IEC 27006:2015	Information technology — Security techniques — Requirements for bodies providing audit and certification of information security management systems
ISO/IEC 27014:2013	Information technology Security techniques Governance of information security
ISO/IEC 27002:2013	Information technology Security techniques Code of practice for information security controls
BS 7799-1:1995	Information security management Code of practice for information security management systems
ISO/IEC 27010:2015	Information technology Security techniques Information security management for inter-sector and inter-organizational communications
ISO/IEC 27011:2016	Information technology — Security techniques — Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations
ISO/IEC 27005:2011	Information technology Security techniques Information security risk management
ISO 14001:2015	Environmental management systems — Requirements with guidance for use
ISO 9001:2015	Quality management systems — Requirements
ISO/IEC TR 27008:2011	Information technology Security techniques Guidelines for auditors on information security controls
ISO/IEC 27007:2017	Information technology Security techniques Guidelines for information security management systems auditing
ISO/IEC 27013:2015	Information technology Security techniques Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
BS 7799-2:1998	Information security management Specification for information security management systems
ISO/IEC 27000:2016	Information technology Security techniques Information security management systems Overview and vocabulary
BS PAS 99(2012) : 2012	SPECIFICATION OF COMMON MANAGEMENT SYSTEM REQUIREMENTS AS A FRAMEWORK FOR INTEGRATION
ISO 27799:2016	Health informatics Information security management in health using ISO/IEC 27002
ISO/IEC 15939:2007	Systems and software engineering Measurement process