ISO/IEC TR 27016:2014 — Information technology — Security techniques — Information security management — Organisational economics (first edition)
Abstract
“ISO/IEC TR 27016:2014 provides guidelines on how an organisation can make decisions to protect information and understand the economic consequences of these decisions in the context of competing requirements for resources. ISO/IEC TR 27016:2014 is applicable to all types and sizes of organisations and provides information to enable economic decisions in information security management by top management who have responsibility for information security decisions.” [Source: ISO/IEC TR 27016:2014]
Introduction
There are substantial economic/financial/resourcing aspects to the management of information risks and security controls.
Scope and purpose
The ISO catalogue page says this standard “provides guidelines on how an organisation can make decisions to protect information and understand the economic consequences of these decisions in the context of competing requirements for resources.”
Status of the standard
The standard was first published in 2014 as a Technical Report rather than a full International Standard, since this was deemed a developing field of study. Evidently the field has not developed much, since the standard has not been updated - yet - but read on ...
Work has commenced on a second edition. References will be updated to the 2022 editions of ISO/IEC 27001, 27002 and 27005, and the guidance is to be improved based on practical experiences gained with the first edition. The title is to be reconsidered and conceivably this standard may progress from a TR to a full International Standard.
Personal comments
Some of the more generic parts of the text may be more appropriate in the ISO27k overview sections of ISO/IEC 27000.