SF - 2.03.0 - ISO 27000
I suppose I should start the actual frameworks with the ISO 27000 family. Yes, there is an ISO 27000 standard, but it is actually just a guide to the rest of the ISO 27000 family. This is a family of security frameworks addressing a huge range, by now, of various aspects of security.
But the ISO 27000 family really started with ISO 27001 and ISO 27002, and to discuss those we should really start with British Standard BS 7799. There is a British standard for pretty much everything; there is, in fact, a British standard cup of tea. BS 7799 was originally a checklist of approximately 133 items (although those were further broken down into roughly five hundred detailed controls). As the limitations of checklists became evident, that original document became BS 7799 Part 1, and a more principle-oriented BS 7799 Part 2 was added, describing how to set up and run a management system rather than which controls to tick off. This caught the attention of the International Organization for Standardization (ISO), which adopted the principle-oriented Part 2 as ISO/IEC 27001. A lot of people still liked the checklist orientation, however, so Part 1 was adopted as well (first numbered ISO/IEC 17799, and renumbered ISO/IEC 27002 in 2007) with the 133-item control catalogue. So BS 7799 Part 1 is equivalent to ISO 27002, and BS 7799 Part 2 is equivalent to ISO 27001. I hope that is all quite clear. The practical distinction still matters: 27001 is the standard an organization is certified against, while 27002 is guidance on the controls that 27001 references in its Annex A. (Note that the 2022 revision of 27002 reorganized the catalogue into 93 controls under four themes, so the 133 figure is historical.)
BS 7799, ISO 27000, and ISO 27001 all refer to information security management systems, or ISMS. The term is a handy tell: people who learned security through either the British Standard or the ISO 27000 family tend to talk about "the ISMS".
As I have mentioned, there is an ISO 27000 standard itself. It is one of the relatively few ISO standards you do not have to pay for, since it serves as the umbrella for the whole family and covers ISMS fundamentals and vocabulary, the definitions that the rest of the family relies on.
However, as I say, ISO 27000 is a family. There are a number of additional standards in it: an implementation guide (27003), guidance on metrics and measurement (27004), risk management (27005), requirements for certification bodies (27006), ISMS audit guidance (27007), information security governance (27014), critical infrastructure such as energy utilities (27019), and dozens of additional topics.
Security frameworks (SF) series:
Introduction and ToC: https://fibrecookery.blogspot.com/2026/06/security-frameworks-sf-0000-intro-and.html