Chapter 22

Security Management Systems

James T. Harmening, Computer Bits, Inc.

1 Security Management System Standards

To give organizations a starting point for developing their own security management systems, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) have developed a family of standards known as the Information Security Management System 27000 Family of Standards. This group of standards, starting with ISO/IEC 27001, gives organizations the ability to certify their security management systems. For more details, see WWW.ISO.ORG. As an alternative, some organizations are following the SANS 20 Critical Security Controls (http://www.sans.org/critical-security-controls/) set of twenty ...
