What is ISO 27002? What Does It Do? What are the Differences from ISO 27001?


Expert member
9 Jul 2013
Hello Dear TurkHackTeam Members,
In this topic, we have compiled information for you about the history of ISO, the body that produces the world's most important standards and gathers them under its roof, and about its two most prominent standards. Happy reading...


Table of contents
1. What is ISO?
2. How many standards does ISO have?
3. What is ISO 27001?
4. What is ISO 27002?
5. What is the difference between ISO 27001 and ISO 27002?


What is ISO?
The International Organization for Standardization (ISO) was established on February 23, 1947. In 1946, delegates from twenty-five countries had met at the Institute of Civil Engineers in London, England, and decided to form a new international body to coordinate and facilitate the unification of industrial standards. ISO, a non-governmental organization, is headquartered in Geneva, Switzerland. By providing common standards between countries, ISO also plays an important role in facilitating world trade.
ISO was established with the support of national standards institutions from one hundred and thirty-five countries and is currently run with a membership base of over 179. The principles shared by organizations such as ISO, IEC, IAF, ILAC and WTO/WTC give priority to facilitating trade by removing technical barriers to it. They published their first standard in 1987. Since their establishment, they have succeeded in publishing many international standards covering almost every area of technology and production. Today there are members from four hundred countries, and seven hundred and six technical committees and sub-committees. The areas covered by ISO standards range from health to technology and from production to safety and the environment.


What is the purpose of ISO?
ISO aims to protect the well-being of consumers and users of products and services, and to enable consumers to use those products and services without hesitation. Every organization shares this goal in some form; ISO, however, approaches it from a different, more objective point of view. ISO also provides governments with technical support for health and safety, supports technology transfer to developing countries, and aims to ensure that products and services are both safe and fit for purpose. Its most important goal is to eliminate differences between standards.


How many standards does ISO have?
ISO has published more than 24,208 international standards so far, which, in addition to improving communication and cooperation, facilitate the growth of international business. ISO standards set out procedures and product requirements for an entire organization. In addition, ISO publishes technical reports, norms, many national standardization programs, specifications, guidelines and publicly available specifications.


Two of ISO's standards stand out above the rest: they are maintained by the relevant bodies, are accepted internationally, and play a major role in facilitating world trade. These are ISO 27001 and ISO 27002.


What is ISO 27001?
The first of these standards is ISO 27001. It plays a big role in keeping safe the private information of industries themselves and of their customers. With ISO 27001, an international framework, organizations can assess, manage and mitigate privacy risks and then carry out the necessary security measures. This helps them to keep examining the methods to be applied, not only for the present but also for the future.


Through the adoption of an Information Security Management System (ISMS), ISO 27001 provides a framework to help organizations of any size and any industry protect their information in a systematic and cost-effective manner. The specification includes details on documentation, management responsibility, internal audits, continuous improvement, and corrective and preventive actions. The standard requires cooperation among all parts of an organization. ISO 27001 does not mandate specific information security controls, but provides a checklist of controls to be considered in the accompanying ISO/IEC 27002:2005 code of practice. This second standard describes a comprehensive set of information security control objectives and a set of generally accepted best-practice security controls.


What is ISO 27002?
ISO 27002, the main subject of this topic and one of ISO's two most important standards, was first named ISO/IEC 17799 and was released under that name in 2000. After ISO 27001 was published, it was completely revised and renamed, becoming the ISO 27002 in use today. The two are designed to complement each other like the pieces of a puzzle: ISO 27002 is meant to be implemented together with the guidance given in ISO 27001, and it provides hundreds of potential controls and control mechanisms. The controls listed and proposed in the standard are intended to address specific issues identified during a formal risk assessment. The standard also aims to provide guidance for developing security standards and effective security management practices.

It is updated regularly to include references to other security standards published by ISO/IEC, such as ISO/IEC 27000 and ISO/IEC 27005, together with information security best practices that have emerged since the previous edition. This covers the selection, implementation and management of controls based on an organization's unique information security risk environment. The 2013 edition of ISO 27002 contains a total of 114 controls. The main examples of these controls are: structure, security policies, organization of information security, human resources security, IT asset management, access control, cryptography, physical and environmental security, operations security, communications security, information systems acquisition, development and maintenance, supplier relationships, information security aspects of business continuity, and compliance with specified directives or specifications.


What is the difference between ISO 27001 and ISO 27002?
Pieces that complement each other are never identical. ISO 27001 and ISO 27002 may look quite similar: both relate to IT security and resilience, and both are about building a strong Information Security Management System (ISMS). ISO 27001 is an information security management standard concerned with information security controls. It is designed to be used when managing or implementing an ISMS. In short, an ISMS refers to the systems, technology, people and other elements of a plan designed to secure your corporate data, such as important files, websites, servers and email. It is a holistic concept designed to unify all the different controls that are in place to protect your data from accidental loss, data leaks, breaches, hacks and other such threats and vulnerabilities. For example, ISO 27001 Annex A sets out the requirements for information security policies, human resources security, IT asset management, cryptography and encryption of data, operational security and other important areas of your ISMS. Meeting ISO 27001 requires a systematic process of monitoring, measurement, analysis and evaluation, and usually involves internal audits to identify weaknesses and areas for improvement before an assessment is carried out.


The most important difference between ISO 27001 and ISO 27002 is certification. You can be certified to ISO 27001, but you cannot be certified to ISO 27002; certification against ISO 27002 simply does not exist. Basically, ISO 27001 sets out the compliance requirements you must meet to become certified, whereas ISO 27002 consists of a set of guidelines created to help you introduce and implement ISMS best practices. By analogy, ISO 27002 is like a guidebook or a mock test, and ISO 27001 is the set of rules, guidelines and tips that help you prepare for the tests.

Dear Members,
You have come to the end of one more topic.
Did you already know how these two ISO standards differ?

See you in the next topic...
