The Code of Practice for Information Security Management that became ISO 27000 has its origin in the British standard BS7799. BS7799 was proposed by the British Standards Institution (BSI) in February 1995 and revised in May 1995, and BSI revised it again in 1999. BS7799 is divided into two parts:
- BS7799-1, Implementation Rules for Information Security Management
- BS7799-2, Information Security Management System Specification.
The first part gives recommendations for information security management, for use by those responsible for initiating, implementing, or maintaining security in their organization; the second part specifies the requirements for establishing, implementing, and documenting an information security management system (ISMS), and states the requirements for the security controls that should be implemented according to the needs of the organization.
In 2000, the International Organization for Standardization (ISO) formulated and adopted the ISO 17799 standard on the basis of BS7799-1 (ISO 17799 was later renumbered ISO 27002 within the 27000 family). BS7799-2 was revised by BSI in 2002. ISO revised ISO 17799 again in 2005, and in the same year BS7799-2 was adopted as ISO 27001:2005.
ISO 27001 is one of the standards in the ISO 27000 family. Its control framework (Annex A of the 2005 edition) has 11 control areas. It is mainly concerned with controlling the risks to information assets; it also protects the overall service capability of the enterprise and thereby indirectly safeguards the quality of customer service. The 11 control areas are:
1) Security policy
2) Organization of information security
3) Asset management
4) Human resources security
5) Physical and environmental security
6) Communications and operations management
7) Access control
8) Information systems acquisition, development and maintenance
9) Information security incident management
10) Business continuity management
11) Compliance