ISO 27001 series. Family of standards. Updated as of 29/10/2018
A cybersecurity / information security management system (based on the ISO 27001 standard) is the most suitable means of managing risks in this area: it ensures that assets, together with their threats and vulnerabilities, are identified and assessed with the impact on the organisation in mind, and that the security measures most consistent with the business strategy are adopted.
If you want to implement a cybersecurity / information security management system that conforms to ISO, you may need to rely on other related standards.
As of 29 October 2018 the ISO 27001 series consists of the following standards.
| Standard | Status |
|---|---|
| ISO/IEC 27000:2018. Information technology. Security techniques. Information security management systems. Overview and vocabulary | Published |
| ISO/IEC 27001:2013/Cor 1:2014/Cor 2:2015. Information technology. Security techniques. Information security management systems. Requirements | Published |
| ISO/IEC 27002:2013/Cor 1:2014/Cor 2:2015. Information technology. Security techniques. Code of practice for information security controls | Under review |
| ISO/IEC NP 27002. Information technology. Security techniques. Code of practice for information security controls | Draft |
| ISO/IEC 27003:2017. Information technology. Security techniques. Information security management systems. Guidance | Published |
| ISO/IEC 27004:2016. Information technology. Security techniques. Information security management. Monitoring, measurement, analysis and evaluation | Published |
| ISO/IEC 27005:2018. Information technology. Security techniques. Information security risk management | Published |
| ISO/IEC 27006:2015. Information technology. Security techniques. Requirements for bodies providing audit and certification of information security management systems | Published |
| ISO/IEC 27007:2017. Information technology. Security techniques. Guidelines for information security management systems auditing | Published |
| ISO/IEC PRF TS 27008. Information technology. Security techniques. Guidelines for the assessment of information security controls | Draft |
| ISO/IEC TR 27008:2011. Information technology. Security techniques. Guidelines for auditors on information security controls | Under review |
| ISO/IEC 27009:2016. Information technology. Security techniques. Sector-specific application of ISO/IEC 27001. Requirements | Under review |
| ISO/IEC CD 27009. Information technology. Security techniques. Sector-specific application of ISO/IEC 27001. Requirements | Draft |
| ISO/IEC 27010:2015. Information technology. Security techniques. Information security management for inter-sector and inter-organizational communications | Published |
| ISO/IEC 27011:2016/Cor 1:2018. Information technology. Security techniques. Code of practice for Information security controls based on ISO/IEC 27002 for telecommunications organizations | Published |
| ISO/IEC 27013:2015. Information technology. Security techniques. Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 | Published |
| ISO/IEC 27014:2013. Information technology. Security techniques. Governance of information security | Under review |
| ISO/IEC NP 27014. Information technology. Security techniques. Governance of information security | Draft |
| ISO/IEC TR 27016:2014. Information technology. Security techniques. Information security management. Organizational economics | Published |
| ISO/IEC 27017:2015. Information technology. Security techniques. Code of practice for information security controls based on ISO/IEC 27002 for cloud services | Published |
| ISO/IEC 27018:2014. Information technology. Security techniques. Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors | Under review |
| ISO/IEC FDIS 27018. Information technology. Security techniques. Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors | Draft |
| ISO/IEC 27019:2017. Information technology. Security techniques. Information security controls for the energy utility industry | Published |
| ISO/IEC 27021:2017. Information technology. Security techniques. Competence requirements for information security management systems professionals | Published |
| ISO/IEC TR 27023:2015. Information technology. Security techniques. Mapping the revised editions of ISO/IEC 27001 and ISO/IEC 27002 | Published |
| ISO/IEC AWI 27030. Information technology. Security techniques. Guidelines for security and privacy in Internet of Things (IoT) | Draft |
| ISO/IEC 27031:2011. Information technology. Security techniques. Guidelines for information and communication technology readiness for business continuity | Under review |
| ISO/IEC 27032:2012. Information technology. Security techniques. Guidelines for cybersecurity | Review confirmed |
| ISO/IEC 27033-1:2015. Information technology. Security techniques. Network security. Part 1: Overview and concepts | Published |
| ISO/IEC 27033-2:2012. Information technology. Security techniques. Network security. Part 2: Guidelines for the design and implementation of network security | Review confirmed |
| ISO/IEC 27033-3:2010. Information technology. Security techniques. Network security. Part 3: Reference networking scenarios. Threats, design techniques and control issues | Review closed |
| ISO/IEC 27033-4:2014. Information technology. Security techniques. Network security. Part 4: Securing communications between networks using security gateways | Published |
| ISO/IEC 27033-5:2013. Information technology. Security techniques. Network security. Part 5: Securing communications across networks using Virtual Private Networks (VPNs) | Published |
| ISO/IEC 27033-6:2016. Information technology. Security techniques. Network security. Part 6: Securing wireless IP network access | Published |
| ISO/IEC 27034-1:2011/Cor 1:2014. Information technology. Security techniques. Application security. Part 1: Overview and concepts | Review confirmed |
| ISO/IEC 27034-2:2015. Information technology. Security techniques. Application security. Part 2: Organization normative framework | Published |
| ISO/IEC 27034-3:2018. Information technology. Application security. Part 3: Application security management process | Published |
| ISO/IEC CD 27034-4. Information technology. Security techniques. Application security. Part 4: Validation and verification | Draft |
| ISO/IEC 27034-5:2017. Information technology. Security techniques. Application security. Part 5: Protocols and application security controls data structure | Published |
| ISO/IEC 27034-6:2016. Information technology. Security techniques. Application security. Part 6: Case studies | Published |
| ISO/IEC 27034-7:2018. Information technology. Application security. Part 7: Assurance prediction framework | Published |
| ISO/IEC TS 27034-5-1:2018. Information technology. Application security. Part 5-1: Protocols and application security controls data structure, XML schemas | Published |
| ISO/IEC 27035-1:2016. Information technology. Security techniques. Information security incident management. Part 1: Principles of incident management | Published |
| ISO/IEC 27035-2:2016. Information technology. Security techniques. Information security incident management. Part 2: Guidelines to plan and prepare for incident response | Published |
| ISO/IEC NP 27035-3. Information technology. Security techniques. Information security incident management. Part 3: Guidelines for incident response operations | Draft |
| ISO/IEC 27036-1:2014. Information technology. Security techniques. Information security for supplier relationships. Part 1: Overview and concepts | Published |
| ISO/IEC 27036-2:2014. Information technology. Security techniques. Information security for supplier relationships. Part 2: Requirements | Published |
| ISO/IEC 27036-3:2013. Information technology. Security techniques. Information security for supplier relationships. Part 3: Guidelines for information and communication technology supply chain security | Published |
| ISO/IEC 27036-4:2016. Information technology. Security techniques. Information security for supplier relationships. Part 4: Guidelines for security of cloud services | Published |
| ISO/IEC 27037:2012. Information technology. Security techniques. Guidelines for identification, collection, acquisition and preservation of digital evidence | Review confirmed |
| ISO/IEC 27038:2014. Information technology. Security techniques. Specification for digital redaction | Published |
| ISO/IEC 27039:2015. Information technology. Security techniques. Selection, deployment and operations of intrusion detection and prevention systems (IDPS) | Published |
| ISO/IEC 27040:2015. Information technology. Security techniques. Storage security | Published |
| ISO/IEC 27041:2015. Information technology. Security techniques. Guidance on assuring suitability and adequacy of incident investigative method | Published |
| ISO/IEC 27042:2015. Information technology. Security techniques. Guidelines for the analysis and interpretation of digital evidence | Published |
| ISO/IEC 27043:2015. Information technology. Security techniques. Incident investigation principles and processes | Published |
| ISO/IEC 27050-1:2016. Information technology. Security techniques. Electronic discovery. Part 1: Overview and concepts | Published |
| ISO/IEC 27050-2:2018. Information technology. Electronic discovery. Part 2: Guidance for governance and management of electronic discovery | Published |
| ISO/IEC 27050-3:2017. Information technology. Security techniques. Electronic discovery. Part 3: Code of practice for electronic discovery | Published |
| ISO/IEC NP 27050-4. Information technology. Security techniques. Electronic discovery. Part 4: Technical readiness | Draft |
| ISO/IEC NP 27070. Information technology. Security techniques. Security requirements for establishing virtualized roots of trust | Draft |
| ISO/IEC AWI TS 27101. Information technology. Security techniques. Cybersecurity. Framework development guidelines | Draft |
| ISO/IEC DIS 27102. Information technology. Security techniques. Information security management guidelines for cyber insurance | Draft |
| ISO/IEC TR 27103:2018. Information technology. Security techniques. Cybersecurity and ISO and IEC Standards | Published |
| ISO/IEC PDTR 27550. Information technology. Security techniques. Privacy engineering | Draft |
| ISO/IEC AWI 27551. Information technology. Security techniques. Requirements for attribute-based unlinkable entity authentication | Draft |
| ISO/IEC DIS 27552. Security techniques. Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management. Requirements and guidelines | Draft |
| ISO/IEC AWI TS 27570. Information Technology. Security Techniques. Privacy guidelines for Smart Cities | Draft |