[MUSIC]

The ISO/IEC 27000 series of standards is a series of information security management standards, jointly published by ISO and the IEC. ISO is the International Organization for Standardization, while IEC refers to the International Electrotechnical Commission. These standards dominate how information security management is done today. The series provides definitions of basic terminology, descriptions of how to establish and operate an information security management system, guidance on security controls, and guidance on risk assessment and security audit. The ISO 27000 series also includes a range of cyber specific supplements that can be used to adapt security processes to specific sectors like cloud services or telecoms.

The 27000 is constructed in five categories. The first category includes the 27000 standard, and it's basically terminology and definitions.

The second category covers requirement standards and includes 27001, 27006 and 27009. The ISO 27001 sets down the requirements for an implementation of an information security management system. These requirements allow organizations to claim compliance against ISO 27001. As a result, this is the key standard in the whole 27000 series. The ISO 27006 establishes the requirements for bodies providing audit and certification of information security management systems. These requirements must be fulfilled by any organization willing to provide ISMS certification. The ISO 27009 explains how to include additional requirements for specific sectors.

The third category of standards included in the 27000 series are the guidelines standards. These include 27002, 27003, 27004, 27005, 27007, 27013 and 27014. The 27002 provides a catalog of security controls and guidance on their use. This is the oldest member of the series and is a direct descendant of the BS7799. 27003 provides ISMS implementation guidance. 27004 provides guidance on how to measure the effectiveness of an ISMS and its controls. 27005 deals with risk management. And finally, 27007 is related towards a team.

The fourth category of standards are sector-specific standards. These include 27010, 11, 15, 17, 18 and 19. These standards are applicable to specific sectors, like telecommunications, financial services, cloud services, and personally identifiable information processors.

Finally, the last category includes the control-specific guideline standards. These provide a more detailed set of guidelines for guiding security controls mentioned across the rest of the documents of the series. These include, among others, 27031, which describes guidelines to ensure business continuity, the 27032, which provides guidelines for cybersecurity, and the 27033, which describes network security concepts.

The 27000 series of standards are developed by the ISO/IEC Joint Technical Committee 1, Subcommittee 27, hence the name of the series. As you may imagine, the information included in these standards must be updated frequently to reflect the new developments and threats in business sectors. The members of Subcommittee 27 meet twice a year in person to update and propose new documents to be added to the 27000 series.

The 27000 series is a set of information security standards that establishes a set of requirements, recommendations and guidelines to implement information security. The ISO 27001 is the most important standard of the series. Organizations can request to be certified against this standard. When an organization obtains a 27001 certification, it means that a third party has verified that the organization implements an information security management system that will fulfill all the requirements of the 27001 standard.

[MUSIC]