ISO/IEC 27003
From Wikipedia, the free encyclopedia
ISO/IEC 27003, part of a growing family of ISO/IEC ISMS standards (the 'ISO/IEC 27000 series'), is an information security standard currently being developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its current title is Information Technology - Security techniques. Information security management system implementation guidance.
The purpose of ISO/IEC 27003 is to provide help and guidance in implementing an ISMS (Information Security Management System). Publication is not expected until late 2008 or early 2009.
Outline of the Standard
The proposed standard originally contained the following sections:
- 1. Introduction
- 2. Scope
- 3. Terms & Definitions
- 4. CSFs (Critical success factors)
- 5. Guidance on process approach
- 6. Guidance on using PDCA
- 7. Guidance on Plan Process
- 8. Guidance on Do Process
- 9. Guidance on Check Process
- 10. Guidance on Act Process
- 11. Inter-Organization Co-operation