Information technology — Security techniques — Information security management systems — Overview and vocabulary Technologies de l'information — Techniques de sécurité — Systèmes de management de la sécurité de l'information — Vue d'ensemble et vocabulaireINTERNATIONAL STANDARDISO/IEC 27000 Reference number ISO/IEC 27000:2018(E)Fifth edition 2018-02 © ISO/IEC 2018 ISO/IEC 27000:2018(E) ii © ISO/IEC 2018 – All rights reservedCOPYRIGHT PROTECTED DOCUMENT © ISO/IEC 2018 All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester. ISO copyright office CP 401 • Ch. de Blandonnet 8 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 copyright@iso.org www.iso.org Published in Switzerland ISO/IEC 27000:2018(E) Foreword ........................................................................................................................................................................................................................................ iv Introduction .................................................................................................................................................................................................................................. v 1 Scope ................................................................................................................................................................................................................................. 1 2 Normative references ...................................................................................................................................................................................... 1 3 Terms and definitions ..................................................................................................................................................................................... 1 4 Information security management systems ......................................................................................................................... 11 4.1 General ........................................................................................................................................................................................................ 11 4.2 What is an ISMS? ................................................................................................................................................................................ 11 4.2.1 Overview and principles ........................................................................................................................................ 11 4.2.2 Information ........................................................................................................................................................................ 12 4.2.3 Information security .................................................................................................................................................. 12 4.2.4 Management ..................................................................................................................................................................... 12 4.2.5 Management system .................................................................................................................................................. 13 4.3 Process approach ............................................................................................................................................................................... 13 4.4 Why an ISMS is important