What Is ISO 27017 and How Does it Impact Cloud Providers?


The ISO 27000 series is a set of important security documents released by the International Organization for Standardization (ISO) to provide a guideline for best practices in IT security management, ISMS development and organizational security and risk management practices. The earlier documents (27001, 27002, etc.) serve as a baseline for this series, and many of the following documents build from that foundation. 

Later documents in the series develop guidelines describing more specialized applications. One of these, ISO 27017, addresses security practices for the expanding area of cloud infrastructure that most of our business operations rely on.

 


What is ISO 27004 and ISMS Monitoring?


You’ve studied ISO 27001 and, either internally or through the help of a security partner, you’ve implemented the security controls and practices therein to achieve compliance. Now, per ISO standards, it’s on you to continually monitor your ISMS, measure performance and effectiveness, and determine success. With a complex ISMS, however, this can seem like a daunting prospect. Thankfully, ISO provides a framework for monitoring and measurement in the 27000 series: the ISO 27004 publication on monitoring, measurement, analysis and evaluation of information technology.

As part of our series on the ISO 27000 series, we turn to ISO 27004 to highlight the importance of system monitoring and evaluation from the perspective of this particular framework. 

 


What is ISO 27002 and Why Do I Need to Know About It?


Cybersecurity is integral to any data-driven business, but building an effective cybersecurity apparatus can be challenging, if not outright daunting. Outside of industry-specific regulations, simply grasping the complexity of modern security threats and IT infrastructure has become an intellectual discipline on its own. That’s why compliance frameworks exist to help companies like yours best implement environments that can meet modern cyber threats.

One organization, the ISO, has dedicated significant resources to develop best practices and frameworks for organizations like yours to build effective and scalable cybersecurity systems that meet both the challenges of modern threats and the demands of modern compliance. ISO has released a series of documents, called the ISO 27000 series, to speak directly to these challenges. 

While we have previously discussed ISO 27001 and its importance to data-driven businesses, we will now expand that discussion into the next document, ISO 27002, and why it’s important to your organization. 

 
