SIST EN ISO/IEC 27000:2020
(Main)Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2018)
Information technology - Security techniques - Information security management systems - Overview and vocabulary (ISO/IEC 27000:2018)
EN ISO/IEC 27000 provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards.
Informationstechnik - Sicherheitsverfahren - Informationssicherheits-Managementsysteme - Überblick und Terminologie (ISO/IEC 27000:2018)
Technologies de l'information - Techniques de sécurité - Systèmes de management de la sécurité de l'information - Vue d'ensemble et vocabulaire (ISO/IEC 27000:2018)
Informacijska tehnologija - Varnostne tehnike - Sistemi vodenja informacijske varnosti - Pregled in izrazje (ISO/IEC 27000:2018)
General Information
Relations
Standards Content (Sample)
SLOVENSKI STANDARD
01-april-2020
Nadomešča:
SIST EN ISO/IEC 27000:2017
Informacijska tehnologija - Varnostne tehnike - Sistemi vodenja informacijske
varnosti - Pregled in izrazje (ISO/IEC 27000:2018)
Information technology - Security techniques - Information security management
systems - Overview and vocabulary (ISO/IEC 27000:2018)
Informationstechnik - Sicherheitsverfahren - Informationssicherheits-
Managementsysteme - Überblick und Terminologie (ISO/IEC 27000:2018)
Technologies de l'information - Techniques de sécurité - Systèmes de management de
la sécurité de l'information - Vue d'ensemble et vocabulaire (ISO/IEC 27000:2018)
Ta slovenski standard je istoveten z: EN ISO/IEC 27000:2020
ICS:
01.040.35 Informacijska tehnologija. Information technology
(Slovarji) (Vocabularies)
03.100.70 Sistemi vodenja Management systems
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EUROPEAN STANDARD
EN ISO/IEC 27000
NORME EUROPÉENNE
EUROPÄISCHE NORM
February 2020
ICS 01.040.35; 35.030
Supersedes EN ISO/IEC 27000:2017
English version
Information technology - Security techniques - Information
security management systems - Overview and vocabulary
(ISO/IEC 27000:2018)
Technologies de l'information - Techniques de sécurité Informationstechnik - Sicherheitsverfahren -
- Systèmes de management de la sécurité de Informationssicherheits-Managementsysteme -
l'information - Vue d'ensemble et vocabulaire (ISO/IEC Überblick und Terminologie (ISO/IEC 27000:2018)
27000:2018)
This European Standard was approved by CEN on 20 October 2019.
CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2020 CEN/CENELEC All rights of exploitation in any form and by any means Ref. No. EN ISO/IEC 27000:2020 E
reserved worldwide for CEN national Members and for
CENELEC Members.
Contents Page
European foreword . 3
European foreword
The text of ISO/IEC 27000:2018 has been prepared by Technical Committee ISO/IEC JTC 1 "Information
technology” of the International Organization for Standardization (ISO) and has been taken over as
the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by August 2020, and conflicting national standards shall
be withdrawn at the latest by August 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO/IEC 27000:2017.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO/IEC 27000:2018 has been approved by CEN as EN ISO/IEC 27000:2020 without any
modification.
INTERNATIONAL ISO/IEC
STANDARD 27000
Fifth edition
2018-02
Information technology — Security
techniques — Information security
management systems — Overview and
vocabulary
Technologies de l'information — Techniques de sécurité — Systèmes
de management de la sécurité de l'information — Vue d'ensemble et
vocabulaire
Reference number
ISO/IEC 27000:2018(E)
©
ISO/IEC 2018
ISO/IEC 27000:2018(E)
© ISO/IEC 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Published in Switzerland
ii © ISO/IEC 2018 – All rights reserved
ISO/IEC 27000:2018(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Information security management systems .11
4.1 General .11
4.2 What is an ISMS? .11
4.2.1 Overview and principles .11
4.2.2 Information.12
4.2.3 Information security .12
4.2.4 Management .12
4.2.5 Management system .13
4.3 Process approach .13
4.4 Why an ISMS is important .13
4.5 Establishing, monitoring, maintaining and improving an ISMS .14
4.5.1 Overview .14
4.5.2 Identifying information security requirements .14
4.5.3 Assessing information security risks .15
4.5.4 Treating information security risks . .15
4.5.5 Selecting and implementing controls .15
4.5.6 Monitor, maintain and improve the effectiveness of the ISMS .16
4.5.7 Continual improvement .16
4.6 ISMS critical success factors .17
4.7 Benefits of the ISMS family of standards .17
5 ISMS family of standards .18
5.1 General information .18
5.2 Standard describing an overview and terminology: ISO/IEC 27000 (this document) .19
5.3 Standards specifying requirements .19
5.3.1 ISO/IEC 27001 .19
5.3.2 ISO/IEC 27006 .20
5.3.3 ISO/IEC 27009 .20
5.4 Standards describing general guidelines .20
5.4.1 ISO/IEC 27002 .20
5.4.2 ISO/IEC 27003 .20
5.4.3 ISO/IEC 27004 .21
5.4.4 ISO/IEC 27005 .21
5.4.5 ISO/IEC 27007 .21
5.4.6 ISO/IEC TR 27008 .21
5.4.7 ISO/IEC 27013 .22
5.4.8 ISO/IEC 27014 .22
5.4.9 ISO/IEC TR 27016 .22
5.4.10 ISO/IEC 27021 .22
5.5 Standards describing sector-specific guidelines .23
5.5.1 ISO/IEC 27010 .23
5.5.2 ISO/IEC 27011 .
...
SLOVENSKI STANDARD
01-april-2020
Nadomešča:
SIST EN ISO/IEC 27000:2017
Informacijska tehnologija - Varnostne tehnike - Sistemi upravljanja informacijske
varnosti - Pregled in izrazje (ISO/IEC 27000:2018)
Information technology - Security techniques - Information security management
systems - Overview and vocabulary (ISO/IEC 27000:2018)
Informationstechnik - Sicherheitsverfahren - Informationssicherheits-
Managementsysteme - Überblick und Terminologie (ISO/IEC 27000:2018)
Technologies de l'information - Techniques de sécurité - Systèmes de management de la
sécurité de l'information - Vue d'ensemble et vocabulaire (ISO/IEC 27000:2018)
Ta slovenski standard je istoveten z: EN ISO/IEC 27000:2020
ICS:
01.040.35 Informacijska tehnologija. Information technology
(Slovarji) (Vocabularies)
03.100.70 Sistemi vodenja Management systems
35.030 Informacijska varnost IT Security
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
EUROPEAN STANDARD
EN ISO/IEC 27000
NORME EUROPÉENNE
EUROPÄISCHE NORM
February 2020
ICS 01.040.35; 35.030
Supersedes EN ISO/IEC 27000:2017
English version
Information technology - Security techniques - Information
security management systems - Overview and vocabulary
(ISO/IEC 27000:2018)
Technologies de l'information - Techniques de sécurité Informationstechnik - Sicherheitsverfahren -
- Systèmes de management de la sécurité de Informationssicherheits-Managementsysteme -
l'information - Vue d'ensemble et vocabulaire (ISO/IEC Überblick und Terminologie (ISO/IEC 27000:2018)
27000:2018)
This European Standard was approved by CEN on 20 October 2019.
CEN and CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for
giving this European Standard the status of a national standard without any alteration. Up-to-date lists and bibliographical
references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to
any CEN and CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by
translation under the responsibility of a CEN and CENELEC member into its own language and notified to the CEN-CENELEC
Management Centre has the same status as the official versions.
CEN and CENELEC members are the national standards bodies and national electrotechnical committees of Austria, Belgium,
Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia,
Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and United Kingdom.
CEN-CENELEC Management Centre:
Rue de la Science 23, B-1040 Brussels
© 2020 CEN/CENELEC All rights of exploitation in any form and by any means Ref. No. EN ISO/IEC 27000:2020 E
reserved worldwide for CEN national Members and for
CENELEC Members.
Contents Page
European foreword . 3
European foreword
The text of ISO/IEC 27000:2018 has been prepared by Technical Committee ISO/IEC JTC 1 "Information
technology” of the International Organization for Standardization (ISO) and has been taken over as
the secretariat of which is held by DIN.
This European Standard shall be given the status of a national standard, either by publication of an
identical text or by endorsement, at the latest by August 2020, and conflicting national standards shall
be withdrawn at the latest by August 2020.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document supersedes EN ISO/IEC 27000:2017.
According to the CEN-CENELEC Internal Regulations, the national standards organizations of the
following countries are bound to implement this European Standard: Austria, Belgium, Bulgaria,
Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland,
Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Republic of
North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the
United Kingdom.
Endorsement notice
The text of ISO/IEC 27000:2018 has been approved by CEN as EN ISO/IEC 27000:2020 without any
modification.
INTERNATIONAL ISO/IEC
STANDARD 27000
Fifth edition
2018-02
Information technology — Security
techniques — Information security
management systems — Overview and
vocabulary
Technologies de l'information — Techniques de sécurité — Systèmes
de management de la sécurité de l'information — Vue d'ensemble et
vocabulaire
Reference number
ISO/IEC 27000:2018(E)
©
ISO/IEC 2018
ISO/IEC 27000:2018(E)
© ISO/IEC 2018
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting
on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address
below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
copyright@iso.org
www.iso.org
Published in Switzerland
ii © ISO/IEC 2018 – All rights reserved
ISO/IEC 27000:2018(E)
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Information security management systems .11
4.1 General .11
4.2 What is an ISMS? .11
4.2.1 Overview and principles .11
4.2.2 Information.12
4.2.3 Information security .12
4.2.4 Management .12
4.2.5 Management system .13
4.3 Process approach .13
4.4 Why an ISMS is important .13
4.5 Establishing, monitoring, maintaining and improving an ISMS .14
4.5.1 Overview .14
4.5.2 Identifying information security requirements .14
4.5.3 Assessing information security risks .15
4.5.4 Treating information security risks . .15
4.5.5 Selecting and implementing controls .15
4.5.6 Monitor, maintain and improve the effectiveness of the ISMS .16
4.5.7 Continual improvement .16
4.6 ISMS critical success factors .17
4.7 Benefits of the ISMS family of standards .17
5 ISMS family of standards .18
5.1 General information .18
5.2 Standard describing an overview and terminology: ISO/IEC 27000 (this document) .19
5.3 Standards specifying requirements .19
5.3.1 ISO/IEC 27001 .19
5.3.2 ISO/IEC 27006 .20
5.3.3 ISO/IEC 27009 .20
5.4 Standards describing general guidelines .20
5.4.1 ISO/IEC 27002 .20
5.4.2 ISO/IEC 27003 .20
5.4.3 ISO/IEC 27004 .21
5.4.4 ISO/IEC 27005 .21
5.4.5 ISO/IEC 27007 .21
5.4.6 ISO/IEC TR 27008 .21
5.4.7 ISO/IEC 27013 .22
5.4.8 ISO/IEC 27014 .22
5.4.9 ISO/IEC TR 27016 .22
5.4.10 ISO/IEC 27021 .22
5.5 Standards describing sector-specific guidelines .23
5.5.1 ISO/IEC 27010 .23
5.5.2 ISO/IEC 27011 .
...
SIST EN ISO/IEC 27000
SL O V EN S K I
S T ANDAR D
april 2020
Informacijska tehnologija – Varnostne tehnike – Sistemi vodenja
informacijske varnosti – Pregled in izrazje (ISO/IEC 27000:2018)
Information technology – Security techniques – Information security management
systems – Overview and vocabulary (ISO/IEC 27000:2018)
Informationstechnik – Sicherheitsverfahren – Informationssicherheits-
Managementsysteme – Überblick und Terminologie (ISO/IEC 27000:2018)
Technologies de l'information – Techniques de sécurité – Systèmes de
management de la sécurité de l'information – Vue d'ensemble et vocabulaire
(ISO/IEC 27000:2018)
Referenčna oznaka
ICS 01.040.35; 03.100.70; 35.030 SIST EN ISO/IEC 27000 : 2020 (sl)
Nadaljevanje na straneh II in III ter od 2 do 34
© 2024-12. Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.
SIST EN ISO/IEC 27000 : 2020
NACIONALNI UVOD
Standard SIST EN ISO/IEC 27000 (sl), Informacijska tehnologija – Varnostne tehnike – Sistemi
vodenja informacijske varnosti – Pregled in izrazje (ISO/IEC 27000:2018), 2020, ima status
slovenskega standarda in je enakovreden evropskemu standardu EN ISO/IEC 27000 (en, fr, de),
Information technology – Security techniques – Information security management systems – Overview
and vocabulary (ISO/IEC 27000:2018), 2020.
NACIONALNI PREDGOVOR
Besedilo standarda EN ISO/IEC 27000:2020 je pripravil združeni tehnični odbor Mednarodne
organizacije za standardizacijo (ISO) in Mednarodne elektrotehniške komisije (IEC) ISO/IEC JTC 1
Informacijska tehnologija. Slovenski standard SIST EN ISO/IEC 27000:2020 je prevod angleškega
besedila evropskega standarda EN ISO/IEC 27000:2020. V primeru spora glede besedila slovenskega
prevoda v tem standardu je odločilen izvirni evropski standard v angleškem jeziku. Slovensko izdajo
standarda je pripravil SIST/TC ITC Informacijska tehnologija.
Odločitev za privzem tega standarda je dne 18. 11. 2024 sprejel SIST/TC ITC Informacijska
tehnologija.
OSNOVA ZA IZDAJO STANDARDA
̶ privzem standarda EN ISO/IEC 27000:2020
PREDHODNA IZDAJA
̶ SIST EN ISO/IEC 27000:2017, Informacijska tehnologija – Varnostne tehnike – Sistemi
upravljanja informacijske varnosti – Pregled in izrazje (ISO/IEC 27000:2016)
OPOMBE
̶ Povsod, kjer se v besedilu standarda uporablja izraz "evropski standard", v SIST EN ISO/IEC
27000:2020 to pomeni "slovenski standard".
̶ Nacionalni uvod in nacionalni predgovor nista sestavni del standarda.
̶ V podtočki 5.4.10 (točke 5.4 Standardi, ki opisujejo splošne smernice) je v evropskem standardu
naveden napačen naslov standarda ISO/IEC 27021. Pravi naslov je "Information technology –
Security techniques – Competence requirements for information security management systems
professionals".
̶ V podtočki 5.4.2 (točke 5.4 Standardi, ki opisujejo splošne smernice) ter poglavju Viri in literatura
je v evropskem standardu naveden napačen naslov standarda ISO/IEC 27003. Pravi naslov je
"Information technology – Security techniques – Information security management systems –
Guidance".
̶ Ta nacionalni dokument je enakovreden EN ISO/IEC 27000:2020 in je objavljen z dovoljenjem
CEN-CENELEC
Upravni center
Rue de la Science 23
B-1040 Bruselj
Belgija
II
SIST EN ISO/IEC 27000 : 2020
̶ This national document is identical with EN ISO 27000:2020 and is published with the permission
of
CEN-CENELEC
Management Centre
Rue de la Science 23
B-1040 Brussels
Belgium
III
SIST EN ISO/IEC 27000 : 2020
(prazna stran)
IV
EVROPSKI STANDARD EN ISO/IEC 27000
EUROPEAN STANDARD
NORME EUROPÉENNE
februar 2020
EUROPÄISCHE NORM
ICS 01.040.35; 03.100.70; 35.030
Slovenska izdaja
Informacijska tehnologija – Varnostne tehnike – Sistemi vodenja
informacijske varnosti – Pregled in izrazje
(ISO/IEC 27000:2018)
Information technology – Security Technologies de l'information – Informationstechnik –
techniques – Information security Techniques de sécurité – Sicherheitsverfahren –
management systems – Overview Systèmes de management de la Informationssicherheits-
and vocabulary (ISO/IEC sécurité de l'information – Vue Managementsysteme – Überblick
27000:2018) d'ensemble et vocabulaire und Terminologie (ISO/IEC
(ISO/IEC 27000:2018) 27000:2018)
Ta evropski standard je CEN sprejel dne 20. oktobra 2019.
Člani CEN in CENELEC morajo izpolnjevati notranje predpise CEN/CENELEC, s katerimi je predpisano, da mora biti ta
standard brez kakršnihkoli sprememb sprejet kot nacionalni standard. Seznami najnovejših izdaj teh nacionalnih
standardov in njihovi bibliografski podatki so na zahtevo na voljo pri Upravnem centru CEN-CENELEC ali kateremkoli
članu CEN in CENELEC.
Ta evropski standard obstaja v treh uradnih izdajah (angleški, francoski, nemški). Izdaje v drugih jezikih, ki jih člani
CEN in CENELEC na lastno odgovornost prevedejo in izdajo ter prijavijo pri Upravnem centru CEN-CENELEC, veljajo
kot uradne izdaje.
Člani CEN in CENELEC so nacionalni organi za standarde in nacionalni elektrotehniški odbori Avstrije, Belgije,
Bolgarije, Cipra, Češke republike, Danske, Estonije, Finske, Francije, Grčije, Hrvaške, Irske, Islandije, Italije, Latvije,
Litve, Luksemburga, Madžarske, Malte, Nemčije, Nizozemske, Norveške, Poljske, Portugalske, Republike Severna
Makedonija, Romunije, Slovaške, Slovenije, Srbije, Španije, Švedske, Švice, Turčije in Združenega kraljestva.
CEN-CENELEC
CEN-CENELEC Upravni center
Rue de la Science 23, B-1040 Bruselj
© 2020 CEN/CENELEC Lastnice vseh oblik avtorskih pravic so vse države Ref. oznaka EN ISO/IEC 27000:2020 E
članice CEN in CENELEC.
SIST EN ISO/IEC 27000 : 2020
VSEBINA Stran
Evropski predgovor . 3
SIST EN ISO/IEC 27000 : 2020
Evropski predgovor
Besedilo standarda ISO/IEC 27000:2018 je pripravil tehnični odbor ISO/IEC JTC 1 "Informacijska
tehnologija" Mednarodne organizacije za standardizacijo (ISO) in ga je kot EN ISO/IEC 27000:2020
sprejel tehnični odbor CEN/CLC/JTC 13 "Kibernetska varnost in varstvo podatkov", katerega
sekretariat vodi DIN.
Ta evropski standard mora z objavo istovetnega besedila ali z razglasitvijo dobiti status nacionalnega
standarda najpozneje do avgusta 2020, nacionalne standarde, ki so v nasprotju s tem standardom, pa
je treba razveljaviti najpozneje do avgusta 2020.
Opozoriti je treba na možnost, da je lahko nekaj elementov tega dokumenta predmet patentnih pravic.
CEN ni odgovoren za identificiranje katerekoli ali vseh takih patentnih pravic.
Ta dokument nadomešča EN ISO/IEC 27000:2017.
V skladu z notranjimi predpisi CEN-CENELEC morajo ta evropski standard obvezno uvesti nacionalne
organizacije za standardizacijo naslednjih držav: Avstrije, Belgije, Bolgarije, Cipra, Češke republike,
Danske, Estonije, Finske, Francije, Grčije, Hrvaške, Irske, Islandije, Italije, Latvije, Litve, Luksemburga,
Madžarske, Malte, Nemčije, Nizozemske, Norveške, Poljske, Portugalske, Republike Severna
Makedonija, Romunije, Slovaške, Slovenije, Srbije, Španije, Švedske, Švice, Turčije in Združenega
kraljestva.
Razglasitvena objava
Besedilo standarda ISO/IEC 27000:2018 je CEN odobril kot EN ISO/IEC 27000:2020 brez sprememb.
SIST EN ISO/IEC 27000 : 2020
Vsebina Stran
Predgovor k mednarodnemu standardu . 6
Uvod .7
1 Področje uporabe . 8
2 Zveze s standardi . 8
3 Izrazi in definicije . 8
4 Sistemi vodenja informacijske varnosti . 18
4.1 Splošno . 18
4.2 Kaj je sistem vodenja informacijske varnosti? . 18
4.2.1 Pregled in načela . 18
4.2.2 Informacija . 19
4.2.3 Informacijska varnost . 19
4.2.4 Vodenje . 19
4.2.5 Sistem vodenja . 20
4.3 Procesni pristop . 20
4.4 Zakaj je sistem vodenja informacijske varnosti pomemben . 20
4.5 Vzpostavljanje, spremljanje, vzdrževanje in izboljševanje sistema vodenja informacijske
varnosti. 21
4.5.1 Pregled . 21
4.5.2 Prepoznavanje zahtev informacijske varnosti . 21
4.5.3 Ocenjevanje tveganj informacijske varnosti . 22
4.5.4 Obravnavanje tveganj informacijske varnosti . 22
4.5.5 Izbiranje in izvajanje kontrol . 22
4.5.6 Spremljanje, vzdrževanje in izboljševanje uspešnosti sistema vodenja informacijske
varnosti . 23
4.5.7 Nenehno izboljševanje . 24
4.6 Ključni dejavniki uspeha sistema vodenja informacijske varnosti . 24
4.7 Koristi skupine standardov za sistem vodenja informacijske varnosti . 24
5 Skupina standardov za sistem vodenja informacijske varnosti . 25
5.1 Splošne informacije . 25
5.2 Standardi, ki opisujejo pregled in terminologijo: ISO/IEC 27000 (ta dokument) . 26
5.3 Standardi, ki določajo zahteve . 26
5.3.1 ISO/IEC 27001 . 26
5.3.2 ISO/IEC 27006 . 27
5.3.3 ISO/IEC 27009 . 27
5.4 Standardi, ki opisujejo splošne smernice. 27
5.4.1 ISO/IEC 27002 . 27
5.4.2 ISO/IEC 27003 . 28
5.4.3 ISO/IEC 27004 . 28
5.4.4 ISO/IEC 27005 . 28
SIST EN ISO/IEC 27000 : 2020
5.4.5 ISO/IEC 27007 . 28
5.4.6 ISO/IEC TR 27008 . 28
5.4.7 ISO/IEC 27013 . 29
5.4.8 ISO/IEC 27014 . 29
5.4.9 ISO/IEC TR 27016 . 29
5.4.10 ISO/IEC 27021 . 30
5.5 Standardi, ki opisujejo smernice za določene sektorje . 30
5.5.1 ISO/IEC 27010 . 30
5.5.2 ISO/IEC 27011 . 30
5.5.3 ISO/IEC 27017 . 31
5.5.4 ISO/IEC 27018 .
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.