Information security has become a key component in the evolution of information technology itself. It has become an enabler, and of course, is a major aspect of corporate governance.
Underpinning this has been the movement towards common use of standards, particularly the ISO standards. These to have evolved, and continue to do so. Indeed, the coming years promise to see major changes in the structure of security standards, and the publication of a number of new documents.
This section of W3J explores these developments, and identifies the key standards, and support resources, in the field.
STATE OF PLAY
The first ISO 27000 series standard was published late in 2005. This was the specification for an ISMS, ISO 27001. The timetable for the others is not firm, but they should arrive gradually during the next couple of years. This page will be updated as and when developments occur.