What international standard describes requirements for an information security management system (ISMS)?
- GDPR
- ISO/IEC 27001
- ISO/IEC 27000
- ISO/IEC 27002
EXPLANATION
"Standards aren’t the same as regulations and following a standard doesn’t guarantee that you’re within the relevant laws."
GDPR is a data privacy law/regulation created by the European Union (EU). It has an "extra-territorial effect" to protect data belonging to EU citizens and residents: it applies not only to EU-based organizations but also to those in other regions that target or collect data related to people in the European Economic Area (EEA).
ISO 27000 gives an overview of ISMS and contains the terms and definitions used across the series.
ISO 27002 provides guidelines and is optional; it offers useful tips on implementing the controls whose requirements are set out in ISO 27001.