19 May 2009
ISO/IEC ISMS Family of Standards
27000 Overview & Vocabulary
27001 Requirements
27002 Code of Practice
27003 Implementation Guidance
27004 Measurements
27005 Information Security Risk Mgt.
27006 Guidelines for accreditation of Bodies
27007 Auditor Guidelines
27008 Guidance for Auditors on ISMS Controls
27009 to be assigned
27010 ISM for Inter-Sector Communications
27011 ISM Guidelines for Telecommunications Organizations Based on ISO/IEC 27002
27012 to be assigned
27013 Guidance on the Integrated Implementation of 20000-1 & 27001
27014 Information Security Governance Framework
27015 ISM Guidelines for Financial & Insurance Services
What is ISMS?
To establish policy and objectives for information security within the context of the organisation's overall business risk and the means by which these objectives can be achieved
PLAN: Establish ISMS
DO: Implement & Operate ISMS
CHECK: Monitor & Review ISMS
ACT: Maintain & Improve ISMS
How ISO 27001 Evolved
27000 Overview & Vocabulary
SCOPE
Overview, status and relationships of the ISO/IEC 27000 ISMS family of standards
Vocabulary relating to the ISO/IEC 27000 ISMS family
Status: Published
Status: Commencing Study for Review
Target: Current
ISO/IEC 27001 Requirements
Specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS within the context of an organization's overall business risks
Specifies Requirements for:
Establishing
Implementing
Operating
Monitoring
Reviewing
Maintaining
Improving
Replaces BS 7799-2
Modifications Applied
Accreditation Confirmed
Status: Published 15th October 2005
Current: Revision Commenced
ISO/IEC 27002 Code of Practice
Establishes guidelines & general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined in this International Standard provide general guidance on the commonly accepted goals of information security management
Establishes guidelines and general principles for:
Initiating
Implementing
Maintaining
Improving
Replaces ISO/IEC 17799 (April 2007)
Which Replaced BS 7799-1 (Dec 2000)
Modifications Applied
Status: Published / Republished
Current: Revision Commenced
ISO/IEC 27002 Security Categories
ISO/IEC 27002 Control Objectives
ISO/IEC 27002:2007
Security Policy
Organizing Information Security
Asset Management
Human Resources Security
Physical & Environmental Security
Communications & Operations Mgt
Access Control
System Acquisition, Develop & Maint
Security Incident Management
Business Continuity Management
Compliance
ISO/IEC 27003 Guidance
Scope
Implementing Information Security Management System (ISMS) requirements
Information about using the PDCA model
Requirements of the different stages on the PDCA process to establish, implement and operate, monitor and review and improve the ISMS
Status: Final Draft International Standard
Status: Expected Publication Late 2009
ISO/IEC 27004 Measurements
SCOPE
Specify metrics / guidance re. measurement techniques applicable to determining & describing effectiveness of information security controls, information security processes, and ISMS
Applicable to any organisation protecting assets
To be used in conjunction with standards specifying requirements for: information security management systems, information security process reference models, and management of information security risks
Status: Final Draft International Standard
Status: Expected Publication Late 2009
ISO/IEC 27005 Risk Management
SCOPE
Status: Published June 2008
ISO/IEC 27006 Accreditation
Scope
Specifies requirements & provides guidance for bodies providing audit and certification of an Information Security Management system (ISMS), in addition to the requirements contained within ISO/IEC 17021 and ISO/IEC 27001
Primarily intended to support accreditation of certification bodies providing ISMS certification
Published February 2007
ISO/IEC 27007 ISMS Auditor Guidance
Scope
Provides guidance on conducting information security management system (ISMS) audits, as well as guidance on the competence of ISMS auditors, in addition to the guidance contained in ISO 19011.
Applicable to those needing to understand or conduct internal or external audits of an ISMS or to manage an ISMS audit programme
Status: Committee Draft
Status: Expected Publication 2012
ISO/IEC 27008 Auditor Guidance ISMS Controls
Scope
Provides guidance for assessing the implementation of ISMS controls selected through a risk-based approach for information security management
Supports the information security risk management process and assessment of ISMS controls by explaining the relationship between the ISMS and its supporting controls.
Provides guidance on how to verify the extent to which required ISMS controls are implemented.
ISO/IEC 27010 ISM Guidelines for Inter-Sector Communications
Scope
Provides guidance for securing communications within and external to an organisation
Status: Finding its way after Project Approval
Status: 1st Working Draft
Status: Expected Publication 2013
ISO/IEC 27011 ISM Guidelines for telecommunications organizations based on ISO/IEC 27002
Scope
Provides guidelines supporting the implementation of Information Security Management in telecommunications organizations
Allows telecommunications organizations to meet baseline information security management requirements of confidentiality, integrity, availability and any other relevant security property
Status: Published April 2009
ISO/IEC 27013 ISM Guidelines on the integrated implementation of 20000-1 and 27001
Scope
Provides Guidance on the integrated implementation of ISO/IEC 20000-1 and ISO/IEC 27001
Status: Newly Approved Project
Status: Expected Completion 2012
ISO/IEC 27014 Information Security Governance Framework
Scope
Provides guidance on the development and use of an information security governance framework to help organizations direct and control the Information Security Management System (ISMS) process as specified in ISO/IEC 27001.
Status: Newly Approved Project
Status: Expected Completion 2012
ISO/IEC 27015 ISM Guidelines for Financial and Insurance Services
Scope
Provides guidance to the financial and insurance services sectors on how to adapt the 2700x Information Security Management System (ISMS) Framework.
Supports those sectors in fulfilling sector-specific information security related legal and regulatory requirements through an internationally agreed and well-accepted framework.
Status: Newly Approved Project
Status: Expected Completion 2012
Alignment of ISMS Family of Standards
ISO/IEC 27000 ISMS Family
ISO/IEC 27000 Overview & Vocabulary
(Provides terminology for, and shows relationships between, the 27000 ISMS Family of Standards)
ISO/IEC 27001 Certification
[Map: ISO/IEC 27001 certificates by country. Legend (certificates per country): 1, 2, 3-4, 5-20, 21-70, 71-500, >500. Totals shown: 2999, 1645, 384, 238, 44, 14, 12.]
Countries shown: Argentina, Armenia, Mexico, USA, Turkey, India, Bulgaria, Gibraltar, Bangladesh, Hungary, Italy, Belgium, Kyrgyzstan, Greece, Romania, UK, Norway, Qatar, Canada, Poland, Spain, Lebanon, Lithuania, Netherlands, France, Taiwan, Sri Lanka, Chile, Egypt, Isle of Man, Hong Kong, Luxembourg, Macedonia, Iceland, Pakistan, China, Iran, Macau, Oman, Peru, Kazakhstan, Austria, Australia, Belarus, Mauritius, Philippines, Germany, Portugal, Vietnam, Morocco, Ireland, Malaysia, Moldova, Russian Federation, Korea, Ukraine, Brazil, Thailand, New Zealand, Uruguay, Saudi Arabia, Slovenia, Yemen, Sweden, South Africa, Czech Republic, Switzerland, Bahrain, Colombia, Croatia, Indonesia, Kuwait, Japan
[Charts: ISO/IEC 27001 certificates per country, ranked by number of certificates and listed alphabetically]
ISO/IEC 27001 Trend
[Chart: Number of Certificates by Year]
AEON Credit Service (Asia) Co., Ltd., System Division
Bank Consortium Trust Company Limited Data Centre for Bank Consortium Holding Limited group of companies
Cascade Ltd Netvigator Internet Service Operation Center (iCenter)
Cascade Ltd. e.Center
CIGNA Worldwide Life Insurance Co., Ltd. / CIGNA Worldwide General Insurance Co., Ltd.
Computer Forensic Laboratory, Office of Information Technology, Customs & Excise Department
CPCNet Hong Kong Limited
Doctor A Security Systems (HK) Ltd
Hogan Data Center Shanghai Ltd.
Hong Kong Cyberport Management Company Ltd
Hutchison GlobalCentre Limited
Joint Electronic Teller Services Ltd.
Joint Electronic Teller Services Ltd.
NEC Hong Kong Limited, Business Solutions & Services
NetDimensions Limited
Novation Solutions Limited
Orient Overseas Container Line Ltd Global Data Centre
Pacific Bechtel Co. LTD
PCCW Powerbase Data Center Services
PCCW Solutions Limited
PricewaterhouseCoopers
Reuters Hong Kong Limited (Hong Kong Data Center)
Tai Fook Securities Group Limited
Taifook Securities Company Limited
The Dairy Farm Company Ltd. I.T. Department
Toppan Forms (HK) Ltd.
Toppan Forms Card Technologies Ltd.
Toppan Forms Computer Systems Ltd.
TQM Consultants Ltd
Tseung Kwan O Hospital, Department of Radiology
Government of the Macao Special Administrative Region of the People's Republic of China, Identification Services Bureau
ABeam Systems Information Technology (Shenzhen) Co., Ltd.
Accenture DCN BPO China Center
Accenture Technology Solutions (Dalian) Co., Ltd
Ace Mold Industrial (Shenzhen) Company Limited
Achievo Information Technology Co., Ltd. (Shenzhen, Beijing, Shanghai, Dalian, Japan)
Advanced Semiconductor Manufacturing Corporation Limited
Affiliated Computer Service (TIANJIN) CO, Ltd
ArcherMind Technology (Nanjing) Co., Ltd.
Arvato Systems (Shanghai) Co. Ltd. Enterprise IT Service Datacentre
Arvoto Systems (Shanghai) Co. Ltd.
ATOS ORIGIN INFORMATION TECHNOLOGY (SHANGHAI) CO., LTD
Atos Origin Information Technology (Shanghai) Co., Ltd. Shanghai Branch Office
Bachieve International (Xi'an) Inc.
Bank of Communications Co., Ltd.
Bank of Dalian Co., Ltd. Information Technology Department
Bank of Shanghai company limited, Information Technology Department
BearingPoint Information Technologies (Shanghai) Ltd.
BEIJING ITOWNET CYBER TECHNOLOGY LTD.
Beijing Core Software Co., Ltd
Beijing Infohold Information & Technology Co., Ltd. Infohold CCDC
BEIJING ITOWNET CYBER TECHNOLOGY LTD.
Beijing Jn Tass Technology Co., Ltd.
Beijing North King Technology Co., Ltd.
Beijing Shenzhou Lvmeng Science and Technology Co., Ltd.; NSFOCUS Information Technology (Beijing) Co., Ltd.
Beijing Symbio Systems Inc. IT Division and Share Service
Beyondsoft (Beijing) Co., Ltd.
Bleum Software (Shanghai) Co., Ltd.
BroadenGate Software Service Co., Ltd.
BroadenGate Software Service Co., Ltd.
Business Call Center, Guangzhou Branch, China Telecom Co Ltd.
Butone Information Corporation Xi'an
BYD Company Limited
Centaline China Property Consultants Ltd.
China Cinda Asset Management Corporation
China Construction Bank Shandong Br
China Credit Information Technology Co., Ltd
China Data Group (Beijing) Limited.
China Everbright Bank Credit Card Center
China Export & Credit Insurance Corporation (SINOSURE) Information Resource Management Department
China International Electronic Commerce Center (Co., Ltd)
China Mobile Group Beijing Co., Ltd
China Mobile Group Liaoning Co., Ltd
China Mobile Group Tianjin Co., Ltd
China National Offshore Oil Corporation Information Technology Center
China Netcom (Group) Company Ltd. Tianjin Branch
China Netcome (Group) Co., Ltd. Beijing Branch, CNC IDC
China Orient Asset Management Corporation, Information Technology Department
China Telecom Co., Ltd. Shanghai Branch
China Telecom Corporation Limited Shanghai Telecommunications Billing Center
China Telecom Group Beijing Corporation
China Vanke Co., Ltd.
CIeNET Communication (Beijing) Co., Ltd
CIeNET Technologies (Beijing) Co., Ltd.
CIGNA & CMC Life Insurance Company Limited
COMPUPACIFIC INTERNATIONAL (XI'AN) LTD.
CompuPacific International Ltd.
COSCO Container Lines Computer Center
CSMC Technologies FAB1 Co., Ltd.
Dalian HiThink Computer Technology Corp.
Dalian Huojin Information Science & Technology Co., Ltd.
Dalian PreSoft Company Limited
Dalian Software Park Consultant Co. Ltd.
Dalian Xinhua Infotech Co., Ltd.
Digital China Advanced Systems Services Limited
Digital China Financial Software Co., Ltd, Outsourcing Business
Digital Printing Center of Shanghai Matsuoka Printing Co., Ltd.
Emerson Network Power Co., Ltd.
flextronics (china) electronics technology co., ltd.
Flextronics Technology (Shanghai) Co. Ltd
Formax BPO Beijing Inc.
Freeborders Software Development (Shenzhen) Co., Ltd.
Fuji Xerox of Shanghai Ltd.
Fuji Xerox of Shenzhen Ltd.
GDAD HAKUHODO Advertising Co., Ltd.
Genpact (Dalian) Co., Ltd
GIANT NETWORK TECHNOLOGY LIMITED, SHANGHAI ZHENGTU NETWORK TECHNOLOGY CO., LTD, SHANGHAI ZHENGTU INFORMATION TECHNOLOGY CO., LTD
Global Data Solutions LTD
Grace Semiconductor Manufacturing Corporation
Guangdong Mobile Communication Co., Ltd.
Guangdong SANTAI Electronic Technology Co., Ltd.
Guangdong Telecom Co., Ltd. Guangzhou Branch
Guangdong Telecom Co., Ltd. Shenzhen Branch / Shenzhen Long Gang IDC
Guangzhou SANTAI ELEC. Co., Ltd.
Han's Laser Technology Co., Ltd.
Harbin Jiahong Technology Development Co., Ltd.
HeJian Technology (Suzhou) Co., Ltd
Henan Peace Filter Co., Ltd.
Hisoft International Technology Ltd
Hu Zhou Electric Power Bureau
Huangdao Power Plant of Shandong
Huawei Technologies Co., Ltd.
HUNDSUN Technologies Inc.
Huzhou Electric Power Bureau
IBM GLOBAL SERVICES (CHINA) COMPANY LIMITED
Infodeliver Technology Service (Dalian) Co., Ltd
Insigma Hengtian Software Ltd.
ISI China Co., Ltd.
ISOFTSTONE INFORMATION SERVICE CORPORATION
Jiaxing Electric Power Bureau
JingHua Electric Power Bureau
KHI (Dalian) Computer Technology Co., Ltd.
Kingdom Fine Metal Limited
Leo Paper Bags Manufacturing Limited
Linkage Software Co., Ltd.
Lionbridge (Beijing) Technologies, Inc.
Longtop Financial Technologies Limited
M&Y CHINA LTD
MITAC Computer (ShunDe) Ltd
Modern High Tech Development Co., Ltd. (Dalian)
Nanjing Fujitsu Nanda Software Technology Co., Ltd.
Nanjing Sinosoft Technology Co., Ltd.
Nantong COSCO KHI Ship Engineering Co., Ltd.
National Health Research Institutes
Neusoft Corporation
NSFOCUS INFORMATION TECHNOLOGY (BEIJING) CO., LTD. BEIJING SHENZHOU LVMENG SCIENCE AND TECHNOLOGY CO., LTD.
OKI Software Technology Co., Ltd. Software Public Test Center
Operations Branch of Shenzhen Metro Co
ORid (China) Information Technology Co., Ltd.
PAYEASE (Beijing) Co. Ltd.
Pearl Digital Software Development (Shanghai) Co., Ltd.
PICC, Xiamen Branch
Ping An Insurance (Group) Company of China Ltd
Precise Technology Co., Ltd.
PricewaterhouseCoopers Zhong Tian CPAs
Qingdao Fubo System Engineering Co., Ltd.
Qingyi Precision Maskmaking (Shenzhen) Ltd.
Qu Zhou Electric Power Bureau
Quzhou Electric Power Bureau
Ricoh Asia Industry (Shenzhen) Ltd
RICOH ELEMEX (SHENZHEN) CO., LTD.
RICOH EXPRESS (SHENZHEN) WAREHOUSE LTD.
RICOH IMAGING TECHNOLOGY (SHANGHAI) CO., LTD.
RICOH IMAGING TECHNOLOGY (SHENZHEN) CO., LTD.
RICOH INTERNATIONAL LOGISTICS (SZ) LIMITED
Ricoh Software Research Center Beijing Co., Ltd.
Satyam Computer Services Limited Shanghai
Security Operator Center, DMX Technologies Group (China)
Semiconductor Manufacturing International (Shanghai) Corporation
Shanghai Baosight Software Co., Ltd.
Shanghai Daishowa Co., Ltd.
Shanghai Even Data Processing Co., Ltd.
Shanghai Great Wall Ideal Co., Ltd.
Shanghai Hewlett Packard Co. Ltd. Dalian Branch, HPS APJ Outsourcing Services
Shanghai Hewlett Packard Co., Ltd.
Shanghai Hua Hong NEC Electronics Company Limited
Shanghai Hyron Software Co., Ltd.
Shanghai Jiulong Electric Power Science & Technology Co., Ltd.
Shanghai Micro Electronics Equipment Co., Ltd.
Shanghai PeopleNet Security Technology Co., Ltd.
Shanghai Ricoh Digital Equipment Co., Ltd.
SHANGHAI RICOH FACSIMILE CO., LTD
Shanghai Ricoh Office Equipment Co., Ltd.
Shanghai Supercomputer Center
Shanghai Telecom Account Center
Shanghai Zhengtu Information Technology Co., Ltd.
Shao Xing Electric Power Bureau
Shaoxin Electric Power Bureau
Shenyang Kimoto Industries Co., Ltd.
Shenyang Neusoft Co., Ltd
Shenyang Neusoft IT Service Co., Ltd
Shenzhen ELink Information Technology Co., Ltd.
Shenzhen Kingdom Data Service Co., Ltd
Shenzhen SangFei Consumer Communications Co., Ltd.
Shenzhen SangFei Consumer Communications Co., Ltd.
Shenzhen SangFei Consumer Communications Co., Ltd.
Shenzhen Securities Communication Co., Ltd.
Shenzhen Stock Exchange
Sichuan Public Information Industry Co. Ltd. (A Subsidiary of SiChuan Telecom Company Limited)
Siemens AG
Suhou Gopha Technology Co., Ltd.
Sunyard System Engineering Co., Ltd. BPO Cause Dept. / Sunyard (Hangzhou) Computer Service Co., Ltd.
Suzhou Shengyi Sci.Tech Co., Ltd
SYNNEX Information Technologies Co. Ltd.
Tianjin Mitsumi Electric Co., Ltd
TNT Direct Marketing Services (Shanghai) Company
TransCosmos Information Creative (China) Co., Ltd.
TRANSCOSMOS INFORMATION CREATIVE (CHINA) CO., LTD.
UFIDA Software Engineering Co., Ltd.
Union Life Insurance Co., Ltd. Information Management Centre
Unisys (Shanghai) Information Technology Company Limited
VeriSilicon Microelectronics (Shanghai) Co., Ltd.
Wicresoft (Shanghai) Co., Ltd.
Wicresoft (Shanghai) Co., Ltd.
Wuxi Huaxia Computer Technology Co., Ltd
YAMAGATA INTECH (Shanghai) Co., Ltd.
Yang Ming Marine Transport Corp.
YSPAY (Beijing) Technology Co., Ltd. Personal Finance Department
YSPAY (Beijing) Technology Co., Ltd. Personal Finance Department
ZF Faster Propulsion System Co., Ltd.
Zhuhai Precise BPO Technology Co., Ltd.
ZTE Corporation Co., Ltd
ISO 27000 ISMS Family Benefits
International Recognised Process Model (PDCA)
Identify & Appreciate
  Information Asset Value (IAV)
  Applicable Risks
Apply Controls Commensurate With Risk / IAV
Greater Staff Awareness of Information Security
Recognition by Industry Peers / Regulators
Benchmark Business Partners / Suppliers
Edge Over Competitors
ISO/IEC JTC1 SC27 WG2
Security Techniques & Mechanisms
7064 Check Character Systems
9796 Digital Signature Schemes Giving Message Recovery
9797 Message authentication codes (MACs)
9798 Entity Authentication
10116 Modes of Operation for an N-Bit Cipher
10118 Hash Functions
11770 Key Management
13888 Non-Repudiation
14888 Digital Signatures with Appendix
15946 Cryptographic Techniques Based on Elliptic Curves
18014 Time-Stamping Services
18031 Random bit generation - Draft Technical Corrigendum 1
18032 Prime Number Generation
18033 Encryption Algorithms
19772 Authenticated Encryption
29150 Signcryption
29192 Lightweight Cryptography
ISO/IEC JTC1 SC27 WG3
Security Evaluation Criteria
11889 Trusted Platform Module
15292 Protection Profile Registration Procedures
15408 Evaluation Criteria for IT Security
15443 A framework for IT security assurance
15446 Guide for the production of Protection Profiles & Security Targets
18045 Methodology for IT Security Evaluation
19790 Security Requirements for Cryptographic Modules (FIPS 140-2)
19791 Security Assessment of Operational Systems
19792 Security evaluation of biometrics
21827 Systems Security Engineering - Capability Maturity Model
24759 Test Requirements for Cryptographic Modules
29128 Verification of Cryptographic Protocols
29147 Responsible Vulnerability Disclosure
29193 Secure system engineering principles and techniques
ISO/IEC JTC1 SC27 WG4
Implementation of Information Security Control Objectives and Controls
14516 Guidelines on the Use & Management of TTP Services
15816 Security Information Objects for Access Control
15945 Specification of TTP Services to Support the Application of Digital Signatures
18028 IT Network Security
18043 Selection, Deployment & Operations of IDS
18044 Information Security Incident Management
24762 Guidelines - Information & Communications Technology Disaster Recovery Services
27031 Guidelines for ICT Readiness for Business Continuity
27032 Guidelines for Cybersecurity
27033 Network Security
27034 Application security
27035 Information Security Incident Management
27036 Guidelines for Security of Outsourcing
27037 Guidelines for Identification, Collection, Acquisition, Preservation of Digital Evidence
29149 Best Practice on the Provision of Time-Stamping Services
ISO/IEC JTC1 SC27 WG5
Identity Management & Privacy Technologies
24745 Biometric template protection
24760 Framework for Identity Management
24761 Biometric Authentication Context
29100 Privacy Framework
29101 Privacy Reference Architecture
29115 Entity Authentication Assurance
29146 Framework for Access Management
29190 Privacy Capability Maturity Models
29191 Requirements for Relative Anonymity with Identity Escrow
ISMS Family of Standards Roadmap
27006 Certification Body Requirements
27001 Requirements
27007 Audit Guidelines
27002 Code of Practice
27003 Implementation Guidance
27005 Risk Management
27004 Measurements
27031 Business Continuity
27033 Network Security
27034 Application Security
27035 Incident Management
27036 Outsourcing
27037 Digital Evidence
27011 Telecommunications
27799 Health
Key:
Normative (Requirements) Standard
Informative (Guidelines) Standard
Fixed line: Supports
Dale Johnstone
Deputy Convenor WG SC27 WG1
Chief Security Officer, Risk Management, PCCW
Chairman ISMS International User Group (HK & Macau Chapter)
(dale.johnstone@pccw.com)