
What standards should be referred to for ISMS implementation?

ISMS is based on two international standards:

  • ISO/IEC 27001:2005
  • ISO/IEC 27002:2005

ISO/IEC 27001:2005

ISO/IEC 27001:2005 is the requirements standard for Information Security Management Systems, and the one against which an organization is certified. It specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of the organization's overall business risks. The ISMS processes follow the Plan-Do-Check-Act (PDCA) model shown in Figure 1:

Figure 1: PDCA Model

ISO/IEC 27002:2005

ISO/IEC 27002:2005 is the Code of Practice for Information Security Management. It is guidance rather than a certification standard: it provides a catalogue of controls, with implementation advice, from which an ISMS can select. The standard comprises 11 security areas, 39 control objectives and 133 controls; the same control set appears as Annex A of ISO/IEC 27001:2005, so the controls an organization selects for its Statement of Applicability map directly to the guidance in ISO/IEC 27002. The 11 security areas of ISO/IEC 27002 are listed in Figure 2:

Figure 2: ISO/IEC 27002:2005 Security Areas
