Informationssicherheitsmanagement

Information security management

(Please note: This publication is only available in German.)

An increasingly digital world calls for new measures to ensure security: Information security management systems (ISMS) are already mandatory in many industries. These systems ensure the installation, maintenance and improvement of security-relevant measures, including regular audits. Even if a certified ISMS is not yet mandatory, it is nevertheless often seen as a means to build trust.

This DIN-Taschenbuch (in German only) brings together all the important standards on ISMS in one handy volume:

• DIN EN ISO/IEC 27000, Information technology — Security techniques —  Information security management systems — Overview and vocabulary
• DIN EN ISO/IEC 27001, Information technology — Security techniques —  Information security management systems — Requirements
• DIN EN ISO/IEC 27002, Information security, cybersecurity and privacy protection — Information security controls
• DIN EN ISO/IEC 27006-1, Information security, cybersecurity and privacy protection —Requirements for bodies providing audit and certification of information security management systems — Part 1: General
• DIN EN ISO/IEC 27007, Information security, cybersecurity and privacy protection — Guidelines for information security management systems auditing
• DIN EN ISO/IEC 27017, Information technology - Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services

These standards deal with the fundamentals of ISMS, which are required to introduce and competently operate such systems. In addition, the documents collected here also contain information on conducting audits and information for bodies whose task it is to audit ISMSs. A standard for the secure management of cloud services is also included.
 

Information security standards respond to technical developments

ISMS standards must respond not only to new technological developments, but also to the changing methods of hackers and the increasing threat of information theft. The following changes have been made to this edition of the DIN-Taschenbuch:

• DIN EN ISO/IEC 27000, 27001, 27002 have been revised
  In the basic standard DIN EN ISO/IEC 27000, terms and definitions have been revised and new standards have been taken into account. The new DIN EN ISO/IEC 27001:2024-01 has been structurally adapted, and DIN EN ISO/IEC 27002, which was also updated at the beginning of 2024, contains new measures and now follows the harmonized structure (HS) specified for ISO management systems.
   
• DIN EN ISO/IEC 27006-1, 27007, 27017 are now included
  DIN EN ISO/IEC 27006-1 was reissued in August 2024, and is now Part 1 of a new series of standards. Information on remote audits, organizations without fixed locations and new job roles has been added. Also included in this collection for the first time is DIN EN ISO/IEC 27007, which has provided guidelines for auditing information management systems since 2022. DIN EN ISO/IEC 27017 is an important application guideline for dealing with security systems for cloud services.

DIN-Taschenbuch 408 "Information Security Management" brings together all the fundamental and some new documents in one compact volume.
 

Newly included documents:

DIN EN ISO/IEC 27006-1
DIN EN ISO/IEC 27007
DIN EN ISO/IEC 27017
 

Revised documents:

DIN EN ISO/IEC 27000
DIN EN ISO/IEC 27001
DIN EN ISO/IEC 27002

This book is for:
IT, data protection and security managers in companies, training and further education centres in the field of ISMS, certification bodies, auditors