ISO 27000

ISO 27000 is an internationally recognized standard of good practice for information security. ISO/IEC 27001 specifies an Information Security Management System (ISMS): a suite of activities concerning the management of information risks, brought together into an overarching management framework through which the organization identifies, analyzes and addresses its information risks.

It is explicitly concerned with information security (data, documentation, knowledge and intellectual property) and not just IT/systems security. It ensures security arrangements are constantly updated and tuned to keep pace with changes to the security threats, vulnerabilities and business impacts. This is an important aspect in a dynamic field, and a key advantage of ISO27k’s flexible risk-driven approach as compared to PCI-DSS. It does not formally mandate specific information security controls, since the ones required vary greatly among a wide range of organizations.
