Topic-specific policies
ISO/IEC TR 27016


Search this site
 

ISMS templates

< Previous standard      ^ Up a level ^      Next standard >

 

ISO/IEC TR 27016:2014 — Information technology — Security techniques — Information security management — Organisational economics (first edition)

 

Abstract

“ISO/IEC TR 27016:2014 provides guidelines on how an organisation can  make decisions to protect information and understand the economic  consequences of these decisions in the context of competing requirements for resources. ISO/IEC TR 27016:2014 is applicable to all types and sizes of  organisations and provides information to enable economic decisions in  information security management by top management who have  responsibility for information security decisions.”
[Source: ISO/IEC TR 27016:2014]
 

Introduction

There are substantial economic/financial/resourcing aspects to the management of information risks and security controls.

 

Scope and purpose

The ISO catalogue page says this standard “provides guidelines on how an organisation can make decisions to protect information and understand the economic consequences of these decisions in the context of competing requirements for resources.”

 

Status of the standard

The standard was first published in 2014 as a Technical Report rather than a full International Standard, since this was deemed a developing field of study. Evidently the field has not developed much since the standard has not been updated - yet - but read on ...

Dec: second edition in prep Work has commenced on a second edition. References will be updated to the 2022 editions of ISO/IEC 27001, 27002 and 27005, and the guidance is to be improved based on practical experiences gained with the first edition.  The title is to be reconsidered and conceivably this standard may progress from a TR to a full International Standard.

 

Personal comments

Some of the more generic parts of the text may be more appropriate in the ISO27k overview sections of ISO/IEC 27000.

 

< Previous standard      ^ Up a level ^      Next standard >

Copyright © 2024 IsecT LtdContact us re Intellectual Property Rights