ISO/IEC 27000:2018 FREE download

I’ve caught up with a small mountain of ISO/IEC JTC 1/SC 27 emails, and updated www.ISO27001.com with a smattering of news.

A few new and updated standards have been released in the past 4 months or so, including ISO/IEC 27000:2018, the overview and glossary of terms used throughout ISO27k.

As usual, ITTF offers legitimate FREE single-user PDF versions of ISO/IEC 27000 in both English and French.

Please observe the copyright notice. The free ITTF PDFs are for personal use and are not to be shared or networked.

Other recent (but not free) releases include ISO/IEC 27007 (management system auditing), 27019 (securing SCADA/ICS process controls in the energy industry) and 27034-5 (application security).

ISO/IEC 27021 is an interesting new one: it explains the competences (knowledge and skills) required by ISMS professionals. It’s fairly straightforward, really, but nice to see it laid out in black and white, with the implication that assorted ISO27k training courses will gradually fall into line.

Perhaps we should develop an ISO 27021-aligned training course. Would you like to pop down to the South Pacific to learn how to do this ISO27k ISMS stuff, or invite me over to wherever you are? If so, please get in touch. It's a lot of work to put a course together, so we'd need to establish first whether there would be sufficient demand. 😊

There are also some privacy standards in preparation with ISO27k numbers, hinting at commonality/convergence between information risk/security management and privacy management. It's a shame they aren't already available, given the massive push towards GDPR compliance right now.

Finally, I have some choice words to say on the site about a slew of “cybersecurity” standards projects on the go, with a common concern that “cyber” and derivative words are not properly defined – a bit of a drawback for international standards, I feel. That’s one bandwagon I’m happy to observe cynically from the sidelines.