The ISO/IEC 27000 series (often written ISO27k) is an internationally recognized set of standards of good practice for information security. ISO/IEC 27001, the certifiable standard in the series, specifies the requirements for an Information Security Management System (ISMS): a suite of activities for managing information risk within an overarching management framework, through which the organization identifies, analyzes and treats its information risks.
It is explicitly concerned with information security in the broad sense (data, documentation, knowledge and intellectual property), not just IT or systems security. It requires that security arrangements be reviewed and adjusted continually so that they keep pace with changes in threats, vulnerabilities and business impacts, an important property in a fast-moving field and a key advantage of ISO27k's flexible, risk-driven approach compared with PCI DSS, which prescribes a fixed set of controls for a fixed scope. ISO/IEC 27001 does not mandate specific information security controls, since the controls an organization needs vary greatly across industries and sizes; instead, the organization selects controls from its own risk assessment, records the result in a Statement of Applicability that references the reference controls in Annex A, and must justify any Annex A control it excludes.