What is ISO 27002? What is its Purpose? What are the Differences from ISO 27001?

Hello Valuable Members of TurkHackTeam,

In this topic, we have compiled information about the history of ISO, which establishes and brings together the most important standards worldwide, and two prominent standards under its umbrella. Happy reading...



Table of Contents

What is ISO?
What is the purpose of ISO?
How many standards does ISO have?
What is ISO 27001?
What is ISO 27002?
What is the difference between ISO 27001 and ISO 27002?



What is ISO?

The International Organization for Standardization (ISO) was established on February 23, 1947, following a decision taken in 1946 by delegates from twenty-five countries who met at the Institution of Civil Engineers in London, the capital of England, to facilitate international coordination and the unification of industrial standards. ISO is a non-governmental organization headquartered in Geneva, Switzerland. It plays a significant role in facilitating global trade by providing common standards across countries. It was established with the support of national standards bodies from one hundred and thirty-five countries and is currently governed by a membership of over 179 countries. ISO emphasizes facilitating trade by removing technical barriers to trade, following principles commonly accepted by organizations such as ISO, IEC, IAF, ILAC, and WTO/WTC. ISO published its first standards in 1987. Since its establishment, ISO has published numerous international standards covering almost all areas of technology and production. Currently, it has members from one hundred and ninety-four countries and seven hundred and six technical committees and subcommittees. The areas covered by ISO standards range from health to technology, from manufacturing to security, and from the environment to all other fields.




What is the purpose of ISO?

ISO aims to safeguard the well-being of consumers and users of products and services, and to enable consumers to access those products and services with confidence. Many organizations pursue this objective, but ISO approaches it from a more objective, neutral standpoint. In addition, ISO provides technical support to governments on health and safety matters, and it supports technology transfer to developing countries. ISO aims for products and services to be both safe and of demonstrable quality. Among its primary goals is eliminating differences between national standards.





How many standards does ISO have?

ISO has over 24,208 international standards that support the growth of international trade while improving communication and collaboration. ISO standards define procedures and product requirements for all kinds of organizations. Beyond standards, ISO also publishes technical reports, norms, numerous national standardization programs, specifications, guidelines, and publicly available specifications.

Among ISO's most prominent standards, internationally accepted and playing a significant role in facilitating world trade, are ISO 27001 and ISO 27002. They are overseen by the relevant bodies and have been widely adopted.





What is ISO 27001?

ISO 27001, one of these prominent standards, plays a significant role in helping industries keep their own and their customers' confidential information secure. As an international framework, ISO 27001 enables organizations to identify information security risks, manage and mitigate those risks, and implement the necessary security measures. It also requires the organization to continuously review its controls so that they remain effective in the future, not only today.

ISO 27001 provides a framework that helps organizations of any size or sector protect their information systematically and cost-effectively by adopting an Information Security Management System (ISMS). It covers specifications, documentation, management responsibility, internal audits, continuous improvement, and corrective and preventive actions in detail. The standard requires collaboration among all parts of an organization. ISO 27001 does not mandate specific information security controls; instead, it provides a checklist of controls that should be considered, drawn from ISO/IEC 27002:2005, the accompanying code of practice for implementing information security controls. That second standard describes a comprehensive set of information security control objectives and a range of generally accepted best-practice security controls.





What is ISO 27002?

Initially named ISO/IEC 17799, ISO 27002 is the main subject of this topic and one of the two most important names associated with ISO. It was first published under that title in the year 2000. Later, it was completely revised and renamed ISO 27002, alongside the publication of ISO 27001. The two standards are designed to complement each other like pieces of a puzzle. ISO 27002 is meant to be implemented in conjunction with the guidance provided by ISO 27001, and it offers hundreds of potential controls and control mechanisms. The controls listed and recommended in the standard are intended to address specific issues identified during a formal risk assessment. The standard also aims to provide guidance for developing security standards and effective security management practices. It is regularly updated to include references to other security standards published by ISO/IEC, such as ISO/IEC 27000 and ISO/IEC 27005, as well as the best information security practices that have emerged since previous editions. These cover the selection, implementation, and methodology of controls based on an organization's unique information security risk environment. The 2013 edition of ISO 27002 contains a total of 114 controls. Examples of the areas these controls cover include organization structure, security policies, information security organization, human resource security, IT asset management, access control, cryptography, physical and environmental security, operational security, communication security, information system acquisition, development and maintenance, supplier relationships, information security aspects, and compliance with defined regulations or specifications.




What is the difference between ISO 27001 and ISO 27002?

Like complementary puzzle pieces, the two standards fit together but are not the same. At first glance, ISO 27001 and ISO 27002 may appear quite similar. Both relate to IT security and resilience and focus on establishing a robust Information Security Management System (ISMS). ISO 27001 is an information security management standard concerned with information security controls, and it is designed to be used when managing or implementing an ISMS. In short, an ISMS is a plan for securing your corporate data, such as important files, websites, servers, and emails, encompassing the systems, technology, people, and other elements involved. It is a holistic concept designed to bring together all the different controls in place to protect your data from accidental loss, data leaks, breaches, hacks, and other threats and security vulnerabilities. For example, ISO 27001 Annex A outlines requirements regarding information security policies, secure handling of human resources, IT asset management, data cryptography and encryption, operational security, and other critical areas of your ISMS.

The most significant difference between ISO 27001 and ISO 27002 is certification. You can obtain ISO 27001 certification, but you cannot be certified against ISO 27002. To obtain ISO 27001 certification, you must demonstrate that you meet its requirements. ISO 27002, on the other hand, is a set of guidelines that introduces best practices for an ISMS and assists in its implementation. To draw an analogy, ISO 27002 is like a guidebook or practice test, while ISO 27001 is filled with rules, guidelines, and hints that can help you prepare for the test.


Topic Owner: @Syera, "What Is ISO 27002? What Is It For? What Are Its Differences from ISO 27001?"
