The Official (ISC)2 CISSP CBK Reference - Leslie Fife, Aaron Kraus - Page 39

ISO/IEC 27001


ISO/IEC 27001 (sometimes referred to as just ISO 27001) is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO 27001 is the most popular standard within the ISO/IEC 27000 family of standards and is focused on the creation and maintenance of an information security management system (ISMS), which ISO defines as “a systematic approach to managing sensitive company information so that it remains secure.” In plain English, an ISMS is a set of people, processes, and technologies that manages the overall security of a company's systems and data. ISO/IEC 27001 describes the overall components of an ISMS, and this standard is the basis for many organizations' security programs.

As of this writing, the most recent revision to ISO/IEC 27001 was in 2013, though its parent, ISO/IEC 27000, was revised in 2018. ISO 27001:2013 contains 114 controls across 14 domains, as follows:

- Information security policies
- Organization of information security
- Human resource security
- Asset management
- Access control
- Cryptography
- Physical and environmental security
- Operations security
- Communications security
- System acquisition, development, and maintenance
- Supplier relationships
- Information security incident management
- Information security aspects of business continuity management
- Compliance
