The ISO27000 Family

Loading...

En provenance du cours de University of London

Information Security: Context and Introduction

485 notes

University of London

Information Security: Context and Introduction

485 notes

In this course you will explore information security through some introductory material and gain an appreciation of the scope and context around the subject. This includes a brief introduction to cryptography, security management and network and computer security that allows you to begin the journey into the study of information security and develop your appreciation of some key information security concepts. The course concludes with a discussion around a simple model of the information security industry and explores skills, knowledge and roles so that you can determine and analyse potential career opportunities in this developing profession and consider how you may need to develop personally to attain your career goals. After completing the course you will have gained an awareness of key information security principles regarding information, confidentiality, integrity and availability. You will be able to explain some of the key aspects of information risk and security management, in addition, summarise some of the key aspects in computer and network security, including some appreciation of threats, attacks, exploits and vulnerabilities. You will also gain an awareness of some of the skills, knowledge and roles/careers opportunities within the information security industry.

À partir de la leçon

Security Management

The ISO27000 Family4:19

Security Policies2:45

Security Controls3:01

Rencontrer les enseignants

Professor Peter Komisarczuk
Programme Director
Information Security Group, Royal Holloway, University of London
Professor Keith M. Martin
Professor of Information Security
Information Security Group, Royal Holloway, University of London
Dr Jorge Blasco Alis
Lecturer in Information Security
Information Security Group, Royal Holloway, University of London

[MUSIC]

The ISO.IEC 27000 series of standards is a series of information on

Security Management Standards, jointly published by ISO and the IEC.

ISO is the International Organization for

Standardization, while IEC refers to the International Electrotechnical Commission.

These standards dominate how information security management is done today.

The series provides definitions of basic terminology.

Descriptions on how to establish and

operate an information security management system.

Guidance on security controls and guidance on risk assessment and security audit.

The ISO 27000 series also includes a range of cyber specific supplements that

can be used to adapt security processes to specific sectors like cloud services or

telecoms.

The 27000 is constructed in five categories.

The first category includes The 27000 standard.

And it's basically terminology and definitions.

The second category covers requirement standards and

includes 27001, 27006 and 27009.

The ISO 27001 sets down the requirements for

an implementation of an information security management system.

These requirements allow organizations to claim compliance against ISO 27001.

As a result, this is the key standard in the whole 27000 series.

The ISO 27006 establishes the requirements for bodies providing audit and

certification of information security management systems.

These requirements must be fulfilled by any organization willing to provide

ISMS certification.

The ISO 27009 explains how to include additional requirements for

a specific sectors.

The third category of standards included in the 27000 series are the Guidelines

standards.

These include 27002, 27003, 27004, 27005, 27007, 27013 and 27014.

The 27002 provides a catalog of security controls and guidance

on their use.

This is the oldest member of the series and

this a direct descendent of the BS7799.

27003 provides ISMS implementation guidance.

270004 provides guidance on how to measure the effectiveness of an ISMS and

its controls.

27005 deals with risk management.

And finally, 27007 is related towards a team.

The fourth category for standards are Sector-Specific standards,

these includes 27010, 11, 15, 17, 18 and 19.

These standards are applicable to specific sectors,

like telecommunications, financial services, cloud services, and

personally identifiable information processors.

Finally, the last category includes the control specific guideline standards.

These provide a more detailed set of guidelines for

guiding security controls mentioned across the rest of the documents of the series.

These include, among others, 27031, which describes guidelines to ensure business

continuity, the 27032, which provides guidelines for

cybersecurity, and the 27033 which describes network security concepts.

The 27000 series of standards are developed by the ISO/IEC

joint technical committee 1, subcommittee 27, hence the name of the series.

As you may imagine, the information included in these standards must be updated

frequently to reflect the new developments, and threats in business sectors.

The members of subcommittee 27 meet twice a year in person to update and

propose new documents to be added to the 27000 series.

The 27000 series is a set of information security standards that establishes

a set of requirements, recommendations and

guidelines to implement information security.

The ISO 27001 is the most important standard of the series.

Organizations can request to be certified against this standard.

When an organization obtains a 27001 certification, it means that a third

party has verified that the organization implements an information security

management system that will fill all the requirements of the 27001 standard.

[MUSIC]

Explorer notre catalogue

Rejoignez-nous gratuitement et obtenez des recommendations, des mises à jour et des offres personnalisées.

Coursera propose un accès universel à la meilleure formation au monde, en partenariat avec des universités et des organisations du plus haut niveau, pour proposer des cours en ligne.

© 2019 Coursera Inc. Tous droits réservés.

Télécharger dans l'App Store

Disponible sur Google Play