ISO/IEC 27004 explained

ISO/IEC 27004 is titled Information Technology – Security techniques – Information Security Management – Measurement. It is part of the ISO/IEC family of standards for information security management systems (ISMS), a systematic approach to securing sensitive information.[1] The family provides standards for a robust approach to managing information security (infosec) and building resilience.[2] ISO/IEC 27004 was published on December 7, 2009 and revised in December 2016. It is currently not certifiable and has not been translated into Spanish.

This standard belongs to the ISO/IEC 27000 series (more information can be found under ISO/IEC 27000). ISO/IEC 27004 provides guidelines intended to help organizations evaluate the performance of their information security and the efficiency of the management system, in order to meet the requirements of ISO/IEC 27001.[3]

What does the standard establish?

This standard establishes:[4]

This standard is applicable to all types of organizations regardless of size.

Terms and structure

The terms and definitions given in this standard are defined within the standard ISO/IEC 27000. The ISO/IEC 27004 standard is structured as follows:[5]

In addition, it has three annexes (A, B and C):

References

  1. Web site: BS EN ISO/IEC 27001 Information Security Management – Precise definition of ISMS. www.iso.org. 7 April 2020.
  2. Web site: BS EN ISO/IEC 27001 Information Security Management – More about ISMS in ISO/IEC 27001. www.bsigroup.com. 3 April 2020.
  3. Web site: BS EN ISO/IEC 27004:2016 – What is ISO 27004?. www.iso.org. 3 April 2020.
  4. Web site: BS EN ISO/IEC 27004 Information Security Management – What ISO/IEC 27004 establishes?. webstore.iec.ch. 7 April 2020.
  5. Web site: BS EN ISO/IEC 27004:2016 – Preview of contents of ISO/IEC 27004:2016. www.iso.org. 3 April 2020.