DCC Standards Watch Papers: Information Security Management: The ISO 27000 (ISO 27K) Series

The Digital Curation Centre has released Information Security Management: The ISO 27000 (ISO 27K) Series.

Here's an excerpt:

The flexibility of digital information can be regarded as a great strength. As software and hardware develop, data can be created, accessed, edited, manipulated and shared with increasing ease. The corollary is that data is vulnerable to unauthorised access, alteration or manipulation, which without checks can easily go undetected, and undermine its authoritative nature. Successful digital curation ensures that data is managed and protected so that its authority is maintained and retained throughout the curation lifecycle. To be authoritative data needs to remain authentic, reliable and useable, while retaining its integrity. These characteristics of data can be preserved through the implementation of an effective Information Security Management System (ISMS). . . .

The ISO/IEC 27000 is a series of standards which, when used together, specify the complete implementation of an ISMS. The series is still under development, with four of the planned standards currently published. Work is progressing on the completion of the remainder of standards ISO/IEC 27000 to ISO/IEC 27010. These cover the fundamental requirements of an ISMS, are applicable to any domain, and can be applied to any organisation regardless of size, structure or aim. ISO/IEC numbers after this have been reserved for sector-specific implementation guidelines, most of which are still at the planning or pre-draft stage. The appendix summarises the development of the series to date.