ISO27k & ISMS links

Copyright © 2013 IsecT Ltd.

Sources of the ISO27k standards themselves

  • Recommended resource ANSI sells “INCITS” versions of ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27006 as PDF downloads for just US$30 each.  These are the official, legitimate, single-user versions, not pirated rip-offs, and as such are great value.  The standards can also be purchased rather more expensively from ISO, from the national standards bodies such as the British Standards Institute and from various commercial organizations.  There are several sources so shop around for the best deals, for example on Google.
  • Several national standards bodies release translated versions of the ISO/IEC standards in their own languages.  They all go to great lengths to ensure that the translations remain true to the original, causing some delay while the English language versions from ISO/IEC are translated, reviewed and released.

Further info on the ISO27k standards & their implementation

  • Recommended resource Incident response specialists QCC Information Security offer top-notch consultancy services and products for incident response, digital forensics, security and risk management, and GRC (governance, risk, compliance).
  • Recommended resource The State of California Office of Information Security & Privacy Protection publishes useful infosec materials including example security policies, procedures, checklists, agreements and requests for proposals.  Conveniently, the Government Online for Responsible Information Management (Go RIM) section has a wealth of materials structured in line with ISO/IEC 27002.
  • Recommended resource CLUSIF (Club de la Sécurité de l'Information Français) offers MEHARI, a risk assessment and management methodology that applies ISO/IEC 27005 guidance to ISO27k’s PDCA cycle.  Don’t be put off if your French is as poor as mine: the information and tools are also available in English.
  • Recommended resource If you are actively implementing the ISO27k standards, you are welcome to join the ISO27k Forum to discuss the practicalities with others doing the same thing.  The international community offers free ISO27k implementation advice, giving you the benefit of our collective experience in this field.  Your own thoughts and inputs are most welcome, including queries, comments, contentious points to discuss, and feedback or improvement suggestions for this website.
  • Certification bodies such as International Standards Certifications audit ISMSs in order to certify their compliance with ISO/IEC 27001.  It is recommended to contact a certification body well before you plan to get your ISMS certified as they will need to schedule their auditors, and can offer advice on the fine details of the audit process while you still have time to line up your organization.  By the way, it is worth thinking about combining certification audits for multiple management systems standards such as ISO 9001 and ISO/IEC 20000, as well as ISO27k.
  • ISO/IEC 27001: the future of infosec certification by Taiye Lambo, originally published in ISSA Journal, outlines reasons for implementing an ISMS including legal and regulatory compliance as well as reducing the costs arising from information security incidents.
  • A report by the Government of the Hong Kong Special Administrative Region outlined ISO27k plus related standards, regulations etc. including PCI-DSS, COBIT, ITIL/ISO 20000, FISMA, SOX and HIPAA.
  • A handy guide to the process approach is available on ISO’s ISO 9000 website.
  • Ismael Valenzuela in [IN]SECURE eZine explained how information security can and indeed should be integrated with the systems development lifecycle (SDLC), using ISO/IEC 17799 (now ISO/IEC 27002). The piece included a table linking specific clauses in the ISO/IEC standard to SDLC phases starting from the risk assessment stage, prior to drawing up security requirements, and continuing right through development, testing and operations to eventual retirement of the system at the end of its life.
  • British Standards Institute has published a number of useful little ISMS guidance booklets over the years, including BSI/DISC PD005, which contained a very handy overview diagram showing the typical lifecycle of an organization’s ISMS project.  It would be good to see parts of this older material recycled into the newer guidance.
  • www.ISO27000.es is “el portal de ISO 27000 en Español”, the Spanish language equivalent to this site, while www.ISO27000.ru is the Russian version.
  • Comunidade Portuguesa de Segurança da Informação is a Portuguese community for those interested in implementing ISO27k information security management systems (mainly in Portuguese but with some good papers also in English).
  • Open Directory Project (ODP) has a page of links to information security standards.
  • Wikipedia has basic information pages on the issued ISO27k standards.

General information security management sources

Miscellany

  • “ISO” is not actually an acronym but the official name of the Swiss organization responsible for coordinating the world’s national standards bodies.  Joint Technical Committee 1 (JTC1) looks after ISO’s IT standards while JTC1 Subcommittee 27 (JTC1/SC27) is specifically responsible for the standards covering IT security techniques.  JTC1/SC27 is busy, judging by the number of security papers currently under consideration for encryption, privacy and identity management as well as ISO27k.
  • ISO27k traces its roots back to British Standard BS 7799 and before that a Code of Practice released by the UK Government’s DTI (Department of Trade and Industry).  The DTI is now called BIS (Business Innovation and Skills) but retains an interest in promoting information security.
  • ISSEA (the International Systems Security Engineering Association) is a non-profit professional organization dedicated to the adoption of systems security engineering as a defined and measurable discipline.
  • Recommended resource IsecT Ltd. owns and operates this website along with several others including our corporate website, NoticeBored (our innovative ISO27k-aligned security awareness subscription service) and SecurityMetametrics describing PRAGMATIC security metrics.