THE ISO 27000 SERIES
ISO 27000 is the generic name assigned to standards related to information security issues and topics. Over time, it is proposed that a range of standards will be published to cover subjects in this area.
The first of these was ISO 27001, which is the specification for an information security management system (ISMS). In the first half of 2007, ISO 27002 was published. This was not a replacement for ISO 17799:2005, but simply a rename. Also in the first half of 2007, ISO 27006 was published. It states the 'Requirements for Bodies Providing Audit and Certification of an Information Security Management System'.
Others are expected to follow over the next few years.
The current expectations for other 27k standards are as follows:
ISO 27003 will offer ISMS implementation guidelines
ISO 27004 will cover information security metrics and measurements
ISO 27005 is expected to cover ISMS risk management
The timescales for these developments are very much fluid, but certainly, work is well underway on a number of them.
Why the ISO 27000 series? We have absolutely no idea, with our research drawing a blank. If you can answer this question, please let us know!
IS THERE AN ISO 27000 STANDARD?
There will indeed be a standard named ISO 27000. As is usual when ISO release a series of standards, the first defines terminology and vocabulary for that series.