More and more organisations are implementing information security management systems (ISMS) as part of their risk management strategy. ISO/IEC 27000:2009, Information technology – Security techniques – Information security management systems – Overview and vocabulary, gives an overview of ISMS.
ISO/IEC 27000 provides an introduction to information security management and defines related terms. It applies to all types and sizes of organisations, for example, commercial enterprises, government agencies, and non-profit organisations. It helps organisations to understand the fundamentals, principles, and concepts to improve protection of their information assets.
Edward Humphreys, convenor of the working group that developed the Standard, comments: 'Standardised security techniques are becoming mandatory requirements for e-commerce, health-care, telecoms, automotive, and many other application areas – in both the commercial and government sectors. ISO/IEC 27000:2009 aims to assist organisations more effectively achieve an appropriate level of information security.'