Keeping an eye on information security

25.12.2020
Alternate Text

Safeguarding a company’s information against data breaches and hacking is an increasingly complex affair, often involving many systems, tools and people to get it right. However, all the best efforts in the world can lead to failure if the whole system is not effectively governed to ensure visibility over what works and doesn’t, and how it all fits within organizational structures and strategies. The internationally agreed standard for IS governance has just been updated.

ISO/IEC 27014Information security, cybersecurity and privacy protection – Governance of information security, provides guidance on concepts, objectives and processes for the governance of information security, by which organizations can evaluate, direct, monitor and communicate an information security management system (ISMS) based on ISO/IEC 27001.

Dr Edward Humphreys, Convenor of the joint ISO and IEC working group of experts that developed the standard, said: "This new edition of ISO/IEC 27014 is a key companion to ISO/IEC 27001 as it is fundamental to the information security governance activities embedded in the scope of an ISMS, and in the context of the overall organizational governance."

The standard has recently been updated to improve clarity and structure and features new information. It has been aligned with ISO/IEC 27001, Information technology – Security techniques – Information security management systems – Requirements, while also remaining relevant to the broader scope of governance requirements of an organization.

ISO/IEC 27014 will be joined by several other standards for information security currently being developed by the same expert committee. These are:

  • ISO/IEC 27002Information technology – Security techniques – Code of practice for information security controls
  • ISO/IEC TS 27110, Information technology, cybersecurity and privacy protection – Cybersecurity framework development guidelines
  • ISO/IEC TS 27100, Information technology – Cybersecurity – Overview and concepts
  • ISO/IEC 27005Information technology – Security techniques – Information security risk management

They are, or will be, available from our e-shop.

Contact

standard@evs.ee
+372 605 5060
Akadeemia tee 21/6, Tallinn, 12618, Estonia
Reg. code 80120020
Eesti Standardimis- ja Akrediteerimiskeskus MTÜ
E-N 8:30-17:00 R 8:30-16:00

Assistance in ordering

Direct links

Mastercard
Visa
Paypal
Swedbank
SEB
Luminor
LHV
Copyright © 2024 EVS. All rights reserved.