CHAPTER 6: OVERVIEW OF ISO/IEC 27001:2005

The formal title of this standard is ‘Information Technology – Security Techniques – Information Security Management Systems – Requirements’. From October 2005, it replaced BS7799-2:2002, which was withdrawn. In the United Kingdom it is dual-numbered, as BS7799-2:2005.

Including end pieces, this standard is only 44 pages long. Its core is contained in the nine pages that set out the specifications for the design and implementation of an information security management system, and in the 17 pages of Annex A, which contain the 133 individual controls that must, under the standard, be considered for applicability.

The ISMS specification is contained in Clauses 4 to 8 of ISO27001.

The standard’s ...
