ISO 27001 / ISO27001
ISO/IEC 27001:2005 was published in November 2005. It defines an Information Security Management System, complementing the ISO 17799 'code of practice'.
The standard itself has been harmonised to align with other management system standards, such as ISO 9000, and it is this standard, rather than ISO 17799, against which certification is achieved.
The stated objective of the standard is "to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties including an organisation's customers". It is in this respect (the selection of controls) that the standard complements ISO 17799, since the latter defines hundreds of potential individual controls but does not by itself say which of them a given organisation should adopt.
ISO 27001 Contents
The contents of the standard are listed on the following page: ISO27001 Contents
ISO 27001 News
This page will be updated periodically as the standard and its use evolve. In the meantime, the following external resources may be useful: ISO 27001 Portal, BSI, ISO 27001 User Group. And for historical interest, the oldest, most 1990s site on the topic is probably the ISO 17799 Portal (we hope it never changes)!