ISO 17799 Changes to ISO 27002

To consolidate information security standards under the “27000” series number, ISO 17799:2005 has been changed to ISO 27002:2005. The renumbered standard has the same content and retains the same title, “Information Technology – Security Techniques – Code of Practice for Information Security Management”. 

The ISO 27000 family currently consists of:

  • ISO 27001:2005 – Information Security Management Systems – Requirements
  • ISO 27002:2005 – Information Technology – Security Techniques – Code of Practice for Information Security Management
  • ISO 27006:2007 – Requirements for Bodies Providing Audit and Certification of Information Security Management Systems

Information security titles in development include:

  • ISO 27000 – Information Security Management Systems Fundamentals and Vocabulary
  • ISO 27003 – Information Security Management Systems Implementation Guidance
  • ISO 27004 – Information Security Management Measurements
  • ISO 27005 – Information Security Risk Management
  • ISO 27007 – Information Security Management Systems Auditor Guidelines
  • ISO 27011 – Information Security Management Guidelines for Telecommunications