Information security standards

Information security standards refer to a set of guidelines and best practices developed and published by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC) under the ISO/IEC 27000 family. These standards aim to ensure the confidentiality, integrity, and availability of information by providing a framework for managing and protecting sensitive data.From: Decision support for selecting information security controls [2018]

The it Department’s Perspective: Providing A Safe and Efficient it Service 24/7

View Chapter

Purchase Book

Published in Alexander Peck, Clark’s Essential PACS, RIS and Imaging Informatics, 2017

Alexander Peck

Local IT departments will apply their own security policies and most will, as a minimum, meet the ISO27001 Information Security standards, among others. They will be responsible for ensuring the security of all data held within their local network ecosystem. Any solution procured and deployed by the Radiology department will need to meet these established principles and likely integrate with existing access control systems, such as Microsoft Active Directory (the ‘Windows Login’), to manage user access.

Decision support for selecting information security controls

View Article

Journal Information

Published in Journal of Decision Systems, 2018

Luís Almeida, Ana Respício

The ISO/IEC 27000 family of information security standards is developed and published by the International Organisation for Standardisation (ISO) together with the International Electrotechnical Commission (IEC). These standards have become the de facto guidelines for best practice information security management. The ISO/IEC 27001 establishes a formal specification of the requirements that an organisation’s information security management system (ISMS) can be audited to obtain information security certification. This standard defines how information security is planned, implemented, monitored and improved. While ISO/IEC 27001 defines the mandatory requirements for an ISMS, the ISO/IEC 27002 is generic and advisory and indicates suitable information security controls within the ISMS, being merely a code of practice, containing detailed information of controls and countermeasures.

Information security standards

Explore chapters and articles related to this topic

The it Department’s Perspective: Providing A Safe and Efficient it Service 24/7

Decision support for selecting information security controls