The FREE Cybersecurity Glossary by Thor Pedersen!

ISO/IEC 15408-1: Part of the Common Criteria for Information Technology Security Evaluation, this international standard provides a framework for specifying security functional and assurance requirements in IT products and systems. It details the general model for evaluation, ensuring that evaluated products meet certain trusted security properties.

ISO/IEC 17788: A standard that provides a comprehensive framework for understanding cloud computing, including common terminology, fundamental concepts, and characteristics. It assists organizations in recognizing the benefits and addressing the security considerations associated with cloud services, thereby supporting informed decision-making and risk management.

ISO/IEC 17799: ISO/IEC 17799 was renumbered as ISO/IEC 27002. It provides guidelines for organizational information security standards and information security management practices, including the selection, implementation, and management of controls. By following the practices outlined in ISO/IEC 27002, organizations can help to protect the confidentiality, integrity, and availability of their information.

ISO/IEC 27000 Series: A suite of international standards that focuses on different aspects of an information security management system (ISMS). It includes standards for establishing and managing the security of systems and data, risk management, auditing of information security controls, and more. The application of the ISO/IEC 27000 series standards helps organizations ensure the confidentiality, integrity, and availability of information.

ISO/IEC 27017: An international standard that provides guidelines for implementing information security controls for cloud services. The standard extends the ISO/IEC 27002 controls to address cloud-specific risks and challenges, enabling organizations to maintain data security when using cloud services. By adopting ISO/IEC 27017, organizations can ensure that they have effective security controls in place to protect data in the cloud.

ISO/IEC 27035:2023: A comprehensive standard in the ISO/IEC 27000 family that outlines a structured approach for managing information security incidents. It provides guidelines on the detection, reporting, assessment, response, and learning processes to handle security incidents effectively. The 2023 update includes best practices and principles reflecting the latest advancements in incident management to help organizations improve their ability to detect, mitigate, and recover from security incidents.