Optiv Cybersecurity Dictionary

What is ISO 27000?

ISO 27000 is an internationally recognized standard of good practice for information security. ISO/IEC 27001 specifies an information security management system (ISMS) that incorporates an overarching management framework through which an organization can identify, analyze and address its information risks.

ISO 27000 is explicitly concerned with information security (data, documentation, knowledge and intellectual property) and not just IT/systems security. It ensures security arrangements are constantly updated and tuned to keep pace with changes in security threats, vulnerabilities and business impacts. This is an important aspect in a dynamic field and a key advantage of ISO27k's flexible, risk-driven approach as compared to PCI-DSS.
