ISO/IEC 27001 is an international standard titled:
“Information technology — Security techniques — Information security management systems — Requirements”
It specifies the requirements for establishing, implementing, maintaining, and continually improving an Information Security Management System (ISMS).
Quality Attributes Required or Emphasized
The standard is centered around information security and risk management. The primary quality attributes are:
| Attribute | Relevance in ISO/IEC 27001 |
|---|---|
| Confidentiality | Ensuring that information is accessible only to authorized individuals or systems. |
| Integrity | Maintaining the accuracy and completeness of information and preventing unauthorized modification. |
| Availability | Ensuring that authorized users have timely and reliable access to information when needed. |
| Reliability | Addressed through requirements for business continuity, system and network security, and operational procedures. |
| Maintainability | Supported by requirements for documentation, change management, and clear allocation of responsibilities. |
| Compliance | A key driver for implementing the standard is to ensure legal, statutory, regulatory, and contractual requirements are met. |
Note: ISO/IEC 27001 provides a framework for managing information security risks. The specific controls are listed in Annex A and are further detailed in ISO/IEC 27002.
References
Official Standards Documents
- t.b.d
Related Standards
- ISO/IEC 27002 - Code of practice for information security controls
- ISO/IEC 27005 - Information security risk management
Additional Resources
- t.b.d