The FREE Cybersecurity Glossary by Thor Pedersen!

ISO 27002: A part of the ISO 27000 family, ISO 27002 is a code of practice for information security controls. It provides best practice guidance on applying the controls listed under Annex A of ISO 27001. These controls, when implemented, provide ways of managing information security risks and ensuring confidentiality, integrity, and availability of data. Organizations often use ISO 27002 to guide the selection and implementation of controls based on their specific risk environment.

ISO 27004: A part of the ISO 27000 family of standards, ISO 27004 provides guidelines and recommendations for the development and use of measures and measurements to assess the effectiveness of an implemented information security management system (ISMS) and the controls or groups of controls, as specified in ISO 27001. This standard is designed to help organizations measure, report, and, consequently, improve the effectiveness of their information security.

ISO 27043: A member of the ISO 27000 series, ISO 27043 provides guidelines for incident investigation principles and processes. This includes the characteristics of various types of incidents, key considerations in the investigation process, and the roles and responsibilities involved. By adhering to ISO 27043, organizations can ensure their incident investigations are thorough, systematic, and effective in identifying the cause and impact of incidents and preventing future occurrences.

ISO 31000: A standard that provides guidelines for risk management. It outlines a clear and comprehensive process for identifying, assessing, and managing risks, which can apply to a wide variety of activities and sectors, including those related to data and information handling. By following this standard, organizations can manage risks more effectively, which can include risks to data security, integrity, and availability.

ISO 31004: While ISO 31004 provides guidance on the implementation of risk management, it is important to note that ISO 31004 is not an officially published standard by ISO. Rather, it is a technical report designed to help organizations apply the principles and guidelines of ISO 31000, the risk management standard. The technical report aims to clarify the intent of ISO 31000 and to assist with the effective application of risk management within the organization.

ISO 55000: A suite of standards for asset management, encompassing both tangible and intangible assets. This standard outlines principles for effective asset management, including inventory management, risk assessment, and maintenance planning to maximize asset value and manage risks effectively.