ISO/IEC 27008

E515949

ISO/IEC standard information security standard international standard

ISO/IEC 27008 is an international standard that provides guidance for auditors on reviewing and assessing information security controls within an organization’s information security management system.

Try in SPARQL Jump to: Surface forms Statements Referenced by

All labels observed (1)

Label	Occurrences
ISO/IEC 27008 canonical	1

Statements (42)

Predicate	Object
instanceOf	ISO/IEC standard ⓘ information security standard ⓘ international standard ⓘ
appliesTo	organizations implementing an information security management system ⓘ
concerns	control effectiveness evaluation ⓘ evidence collection for information security audits ⓘ information security risk treatment controls ⓘ
field	information security ⓘ information security auditing ⓘ information security management ⓘ
focusesOn	assessment of information security controls ⓘ information security management systems ⓘ review of information security controls ⓘ
governingBody	ISO/IEC JTC 1/SC 27 NERFINISHED ⓘ ISO/IEC Joint Technical Committee 1 NERFINISHED ⓘ
hasType	guidance standard ⓘ
intendedUse	support conformity assessments of information security controls ⓘ support information security audits ⓘ
objective	enhance confidence in the operation of information security management systems ⓘ promote consistent assessment of information security controls ⓘ support reliable audit conclusions on information security controls ⓘ
partOfSeries	ISO/IEC 27000 family NERFINISHED ⓘ
providesGuidanceFor	auditors ⓘ external auditors ⓘ internal auditors ⓘ
publishedBy	International Electrotechnical Commission NERFINISHED ⓘ International Organization for Standardization ⓘ
relatedToStandard	ISO/IEC 27001 NERFINISHED ⓘ ISO/IEC 27002 NERFINISHED ⓘ
scope	guidance on determining the appropriateness of selected information security controls ⓘ guidance on evaluating implementation and operation of information security controls ⓘ guidance on reviewing and assessing controls in an information security management system ⓘ
status	active standard ⓘ
subjectMatter	criteria for reviewing information security controls ⓘ evaluation of information security controls ⓘ methods for assessing effectiveness of controls ⓘ
supportsAssessmentOf	ISO/IEC 27001 controls ⓘ ISO/IEC 27002 controls ⓘ
supportsImplementationOf	ISO/IEC 27001 NERFINISHED ⓘ
targetAudience	ISMS auditors ⓘ information security auditors ⓘ information security professionals ⓘ

Referenced by (1)

Full triples — surface form annotated when it differs from this entity's canonical label.

ISO/IEC 27000 family → includesStandard → ISO/IEC 27008 ⓘ