Introduction To ISO27000:2012

ISO27000 defines the fundamental vocabulary, principles and concepts for the entire series of 27000 documents. Uniquely within the 27000 series of standards, this document is issued without charge (yes, totally free). The rationale for this is that it will promote the entire series, and that it will add value to the information security sector by helping to standardize core vocabulary more quickly.

The standard also replaces a number of older information security vocabulary-related documents.

The first version of this standard was published in May 2009, with a full title of "ISO/IEC 27000:2009 Information technology -- Security techniques -- Information security management systems -- Fundamentals and vocabulary". It was updated and republished towards the end of 2012, with a number of additional and refined definitions. It can be obtained via the ISO website [currently via the following URL, but this is subject to change:]


The content sections are:
  • Introduction
  • Scope
  • Terms and Definitions
  • Information Security Management Systems
  • ISMS Family of Standards
  • Annex A: Verbal forms for the expression of provisions
  • Bibliography
