
International Standards Group 27000

Updated 22.02.2024 05:20

The main purpose of international standards is to create a unified interstate framework for developing new quality systems and improving existing ones. Cooperation in the field of standardization is aimed at bringing the national standardization system into line with the international one. International standards are not mandatory for participating countries: any country has the right to apply them or not. The decision to apply an international standard depends mainly on the degree of the country's participation in the international division of labor.

International standards are adopted by the International Organization for Standardization (ISO).

ISO was established in 1946 by representatives of twenty-five industrialized countries. It has the authority to coordinate the development of various industrial standards at the international level and carries out the procedure for adopting them as international standards.

The scope of ISO's activities concerns standardization in all fields except electrical engineering and electronics, which fall within the competence of the International Electrotechnical Commission (IEC). Some types of work are carried out jointly by these organizations. In this case, the abbreviation ISO/IEC appears in the name of the standard.

In 2008, a separate group related to information security, named ISO/IEC 27000, was identified in the system of international standards. These standards are published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

The series contains best practices and recommendations in the field of information security for creating, developing and maintaining an Information Security Management System (ISMS).

Currently, the series contains more than 30 standards, most of which are in force in the Russian Federation under a similar GOST number. The top ten of the group includes:

GOST R ISO/IEC 27000-2012 - "ISMS. General overview and terminology".

GOST R ISO/IEC 27001-2006 - "ISMS. Requirements".

GOST R ISO/IEC 27002-2012 - "ISMS. A set of norms and rules of information security management".

GOST R ISO/IEC 27003-2012 - "ISMS. Guidelines for the implementation of the information security management system".

GOST R ISO/IEC 27004-2011 - "ISMS. Measurements".

GOST R ISO/IEC 27005-2010 - "ISMS. Information Security Risk Management".

GOST R ISO/IEC 27006-2008 - "ISMS. Requirements for bodies that audit and certify information security management systems".

GOST R ISO/IEC 27007-2014 - "ISMS. Guidelines for the audit of information security management systems".

Thus, the main task of information security standards is to coordinate the positions and goals of manufacturers, consumers and classifier analysts in the process of creating and operating information technology products.

The first versions of the standards were created mainly to meet the needs of defense and were aimed at ensuring the secrecy of information. With the development of computer technology and telecommunications, new standards were needed that reflect the features of the modern level of information technology. The international standards now applied do not contain end-to-end scales or lists of security requirements; they are focused on the application of protection profiles, each of which is a list of functional requirements for systems of a certain purpose.