From the course: ISO 27001:2022-Compliant Cybersecurity: Getting Started

What is the ISO 27001 standard?

- [Narrator] The ISO/IEC 27001 standard, more commonly referred to as just ISO 27001, is an internationally recognized standard that defines the requirements for an information security management system, or ISMS. You'll learn more about what an ISMS is throughout this course, but for now, think of it as the ideal version of your information security program. ISO 27001 has been widely adopted by organizations around the world who want to demonstrate that they have a strong cybersecurity program.

The ISO organization is based out of Geneva, Switzerland, and has been around since 1947. They are an independent organization made up of standards organizations from 165 countries. And over the years, they've published more than 20,000 standards relevant to many fields, including quality management standards, environmental management standards, health and safety standards, energy management standards, and IT security standards. The most well-known standards published by ISO are the ISO 9000 family, which defines requirements for organizations seeking to improve their quality management processes. It's not unusual to see companies proudly displaying that they've been ISO 9001 certified, indicating that they've implemented a quality management system to ensure the quality of the products and services that they deliver. ISO/IEC refers to a joint effort by both the International Organization for Standardization, ISO, and the International Electrotechnical Commission, IEC, to publish standards relating to information technology, including the ISO/IEC 27001 standard.

ISO 27001 isn't a brand new standard. It was based on an earlier information security standard called British Standard 7799, which was first published back in 1995. BS 7799 had two parts, both of which were adopted by ISO. One part, which described how to implement an information security management system, was published by ISO as ISO/IEC 27001 in November 2005. The other part of BS 7799, which focused on best practices for information security management systems, became ISO/IEC 27002 in July 2007. ISO 27001 and 27002 are part of a family of standards related to information security. Other standards in the ISO/IEC 27000 family include ISO/IEC 27004, monitoring, measurement, analysis and evaluation; ISO/IEC 27005, information security risk management; ISO/IEC 27021, competence requirements for information security management systems professionals; ISO/IEC 27033, network security; and many more. ISO and IEC are continuing to update and publish many information security standards.

If you want to get your hands on an official copy of the ISO 27001 standard, you'll have to go to the ISO website at iso.org and order it. The cost is 124 Swiss Francs for the PDF version. ISO 27002, which provides implementation guidance for the controls defined in ISO 27001, and other standards are sold separately. If you're serious about implementing ISO 27001 for your organization, I recommend investing in the official copies of both ISO 27001 and ISO 27002. If you could pick only one standard to follow to improve your information security program, ISO 27001 is a solid choice.