ISO 27000 - Series
This series will comprise an entire series of information security related
standards. ISO-27001, ISO-27002 and ISO-27006 are completed and planned are ISO-27000, ISO-27003,
ISO-27004 and ISO-27005.
Specifically, these are expected to cover the following topics:
ISI 27000 - Information security management systems - Overview and vocabulary (not yet published).
ISO 27001 - Information security management systems -- Requirements (This is the revision of BS 7799
ISO 27002 - Code of practice for information security management (Used to be numbered ISO 17799).
ISO 27003 - Will probably comprise Implementation Guidance
ISO 27004 - Is earmarked for Metrics and Measurement
ISO 27005 - Will be dedicated to Risk Management.
ISO 27006 - Requirements for bodies providing audit and certification of information security management systems.
The timeframe for these developments is long term and undefined.
The ISO 27000 - series is published by ISO.
The standards are not free, they have to be purchased. The ISO-17799 standard
can be downloaded as part of the ISO-17799
Toolkit stand alone from the ISO17799
Shop, or from ISO.
The ISO-17799 forum page contains much
useful information about the standards.